-
Notifications
You must be signed in to change notification settings - Fork 35
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Remove all possible GitHub Action permissions
Set the GitHub Actions token permission to null in all workflows. This results in: GITHUB_TOKEN Permissions Metadata: read The default permissions, used without the null override, are: GITHUB_TOKEN Permissions Actions: read Checks: read Contents: read Deployments: read Discussions: read Issues: read Metadata: read Packages: read Pages: read PullRequests: read RepositoryProjects: read SecurityEvents: read Statuses: read I suspect the dependent issues job may need PullRequests: read Issues: read but it would be nice to verify it does fail without them. That's not possible to test from a PR because the job triggers from merged config. Relates-to: submariner-io/submariner#1740 Signed-off-by: Daniel Farrell <[email protected]>
- Loading branch information
1 parent
dcc3359
commit 8df79e6
Showing
13 changed files
with
26 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,6 +4,8 @@ name: Branch Checks | |
| on: | ||
| pull_request: | ||
|
|
||
| permissions: {} | ||
|
|
||
| jobs: | ||
| target_branch: | ||
| name: PR targets branch | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -7,6 +7,8 @@ on: | |
| - 'CODEOWNERS' | ||
| - 'CODEOWNERS.in' | ||
|
|
||
| permissions: {} | ||
|
|
||
| jobs: | ||
| updated: | ||
| name: Up-to-date | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,6 +4,8 @@ name: End to End Default | |
| on: | ||
| pull_request: | ||
|
|
||
| permissions: {} | ||
|
|
||
| jobs: | ||
| e2e: | ||
| name: E2E | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -5,6 +5,8 @@ on: | |
| schedule: | ||
| - cron: "0 0,1 * * *" | ||
|
|
||
| permissions: {} | ||
|
|
||
| jobs: | ||
| e2e: | ||
| name: E2E | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -7,6 +7,8 @@ on: | |
| - devel | ||
| - release-* | ||
|
|
||
| permissions: {} | ||
|
|
||
| jobs: | ||
| release: | ||
| name: Release Images | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -7,6 +7,8 @@ on: | |
| - devel | ||
| - release-* | ||
|
|
||
| permissions: {} | ||
|
|
||
| jobs: | ||
| unit-coverage: | ||
| name: Go Unit Test Coverage | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,6 +4,8 @@ name: Unit Tests | |
| on: | ||
| pull_request: | ||
|
|
||
| permissions: {} | ||
|
|
||
| jobs: | ||
| unit-testing: | ||
| name: Go Unit Tests | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters