Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit364d36d

Browse files
committed
chore: restrict GitHub workflow permissions - future-proof
Signed-off-by: Melissa Kilby <mkilby@apple.com>
1 parenta71b1ea commit364d36d

File tree

4 files changed

+11
-0
lines changed

4 files changed

+11
-0
lines changed

‎.github/workflows/auto_update_version.yml‎

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,8 @@
11
name:Update PrintVersion on release branch creation
22

3+
permissions:
4+
contents:read
5+
36
on:
47
create:
58
branches:

‎.github/workflows/automerge.yml‎

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,8 @@
11
name:Create PR to merge main into release branch
22
# In the first period after branching the release branch, we typically want to include all changes from `main` also in the release branch. This workflow automatically creates a PR every Monday to merge main into the release branch.
33
# Later in the release cycle we should stop this practice to avoid landing risky changes by disabling this workflow. To do so, disable the workflow as described in https://docs.github.com/en/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/disabling-and-enabling-a-workflow
4+
permissions:
5+
contents:read
46
on:
57
schedule:
68
-cron:'0 9 * * MON'

‎.github/workflows/publish_release.yml‎

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,8 @@
11
name:Publish Release
22

3+
permissions:
4+
contents:read
5+
36
on:
47
workflow_dispatch:
58
inputs:

‎.github/workflows/pull_request.yml‎

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,9 @@ name: Pull request
33
# PRs created by GitHub Actions don't kick off further actions (https://github.com/peter-evans/create-pull-request/blob/d57e551ebc1a16dee0b8c9ea6d24dba7627a6e35/docs/concepts-guidelines.md#triggering-further-workflow-runs).
44
# As a workaround, we mark automerge PRs that are created by GitHub actions as draft and trigger the GitHub actions by marking the PR as ready for review. We'd prefer not re-triggering testing on a normal user's PR in this case, but skipping them causes the checks to reset.
55

6+
permissions:
7+
contents:read
8+
69
on:
710
pull_request:
811
types:[opened, reopened, synchronize, ready_for_review]

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp