Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit888c4ce

Browse files
authored
CI: Resolve OSSF GitHub token permissions security alert (anuraghazra#2891)
1 parentecac85e commit888c4ce

10 files changed

+124
-0
lines changed

‎.github/workflows/e2e-test.yml‎

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,8 @@ name: Test Deployment
22
on:
33
deployment_status:
44

5+
permissions:read-all
6+
57
jobs:
68
e2eTests:
79
if:

‎.github/workflows/empty-issues-closer.yaml‎

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,21 @@ on:
66
-opened
77
-edited
88

9+
permissions:
10+
actions:read
11+
checks:read
12+
contents:read
13+
deployments:read
14+
id-token:read
15+
issues:write
16+
discussions:read
17+
packages:read
18+
pages:read
19+
pull-requests:read
20+
repository-projects:read
21+
security-events:read
22+
statuses:read
23+
924
jobs:
1025
closeEmptyIssuesAndTemplates:
1126
if:github.repository == 'anuraghazra/github-readme-stats'

‎.github/workflows/generate-theme-doc.yml‎

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,21 @@ on:
66
paths:
77
-"themes/index.js"
88

9+
permissions:
10+
actions:read
11+
checks:read
12+
contents:write
13+
deployments:read
14+
id-token:read
15+
issues:read
16+
discussions:read
17+
packages:read
18+
pages:read
19+
pull-requests:read
20+
repository-projects:read
21+
security-events:read
22+
statuses:read
23+
924
jobs:
1025
generateThemeDoc:
1126
runs-on:ubuntu-latest

‎.github/workflows/label-pr.yml‎

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,21 @@ name: "Pull Request Labeler"
22
on:
33
-pull_request_target
44

5+
permissions:
6+
actions:read
7+
checks:read
8+
contents:read
9+
deployments:read
10+
id-token:read
11+
issues:read
12+
discussions:read
13+
packages:read
14+
pages:read
15+
pull-requests:write
16+
repository-projects:read
17+
security-events:read
18+
statuses:read
19+
520
jobs:
621
triage:
722
if:github.repository == 'anuraghazra/github-readme-stats'

‎.github/workflows/preview-theme.yml‎

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,21 @@ on:
77
paths:
88
-"themes/index.js"
99

10+
permissions:
11+
actions:read
12+
checks:read
13+
contents:read
14+
deployments:read
15+
id-token:read
16+
issues:read
17+
discussions:read
18+
packages:read
19+
pages:read
20+
pull-requests:write
21+
repository-projects:read
22+
security-events:read
23+
statuses:read
24+
1025
jobs:
1126
previewTheme:
1227
name:Install & Preview

‎.github/workflows/prs-cache-clean.yml‎

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,21 @@ on:
44
types:
55
-closed
66

7+
permissions:
8+
actions:write
9+
checks:read
10+
contents:read
11+
deployments:read
12+
id-token:read
13+
issues:read
14+
discussions:read
15+
packages:read
16+
pages:read
17+
pull-requests:read
18+
repository-projects:read
19+
security-events:read
20+
statuses:read
21+
722
jobs:
823
cleanup:
924
runs-on:ubuntu-latest

‎.github/workflows/stale-theme-pr-closer.yaml‎

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,21 @@ on:
33
schedule:
44
-cron:"0 0 */7 * *"
55

6+
permissions:
7+
actions:read
8+
checks:read
9+
contents:read
10+
deployments:read
11+
id-token:read
12+
issues:read
13+
discussions:read
14+
packages:read
15+
pages:read
16+
pull-requests:write
17+
repository-projects:read
18+
security-events:read
19+
statuses:read
20+
621
jobs:
722
closeOldThemePrs:
823
if:github.repository == 'anuraghazra/github-readme-stats'

‎.github/workflows/test.yml‎

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,8 @@ on:
77
branches:
88
-master
99

10+
permissions:read-all
11+
1012
jobs:
1113
build:
1214
name:Perform tests

‎.github/workflows/top-issues-dashboard.yml‎

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,21 @@ on:
44
-cron:"0 0 */3 * *"
55
workflow_dispatch:
66

7+
permissions:
8+
actions:read
9+
checks:read
10+
contents:read
11+
deployments:read
12+
id-token:read
13+
issues:write
14+
discussions:read
15+
packages:read
16+
pages:read
17+
pull-requests:write
18+
repository-projects:read
19+
security-events:read
20+
statuses:read
21+
722
jobs:
823
showAndLabelTopIssues:
924
if:github.repository == 'anuraghazra/github-readme-stats'

‎.github/workflows/update-langs.yaml‎

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,21 @@ on:
33
schedule:
44
-cron:"0 0 */30 * *"
55

6+
permissions:
7+
actions:read
8+
checks:read
9+
contents:read
10+
deployments:read
11+
id-token:read
12+
issues:read
13+
discussions:read
14+
packages:read
15+
pages:read
16+
pull-requests:write
17+
repository-projects:read
18+
security-events:read
19+
statuses:read
20+
621
jobs:
722
updateLanguages:
823
if:github.repository == 'anuraghazra/github-readme-stats'

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp