Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Minimize GHA permissions #236

Merged
merged 1 commit into from
Aug 25, 2022
Merged

Minimize GHA permissions #236

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .github/workflows/branch.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ name: Branch Checks
on:
pull_request:

permissions: {}

jobs:
target_branch:
name: PR targets branch
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/codeowners.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ on:
- 'CODEOWNERS'
- 'CODEOWNERS.in'

permissions: {}

jobs:
updated:
name: Up-to-date
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/cross.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ on:
pull_request:
types: [ready_for_review, opened, reopened, synchronize, converted_to_draft, labeled]

permissions: {}

jobs:
cross:
name: Cross-Build
Expand Down
5 changes: 5 additions & 0 deletions .github/workflows/dependent-issues.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,11 @@ on:
schedule:
- cron: '0 0/6 * * *' # every 6 hours

permissions:
issues: write
pull-requests: write
statuses: write

jobs:
check:
name: Check Dependencies
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/e2e-full.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ on:
pull_request:
types: [labeled, opened, synchronize, reopened]

permissions: {}

jobs:
e2e:
name: E2E
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/e2e.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ name: End to End Default
on:
pull_request:

permissions: {}

jobs:
e2e:
name: E2E
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/linting.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ name: Linting
on:
pull_request:

permissions: {}

jobs:
apply-suggestions-commits:
name: 'No "Apply suggestions from code review" Commits'
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/multiarch.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ name: Multi-arch Builds
on:
pull_request:

permissions: {}

jobs:
check-multiarch:
name: Check the multi-arch builds
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/periodic.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ on:
schedule:
- cron: "0 0 * * 0"

permissions: {}

jobs:
markdown-link-check-periodic:
name: Markdown Links (all files)
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ on:
- devel
- release-*

permissions: {}

jobs:
release:
name: Release Images
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/release_subctl_on_push.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ on:
branches:
- devel

permissions: {}

jobs:
release-subctl-on-push:
if: github.repository_owner == 'submariner-io'
Expand Down
4 changes: 4 additions & 0 deletions .github/workflows/report.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,11 +7,15 @@ on:
- devel
- release-*

permissions: {}

jobs:
vulnerability-scan:
name: Vulnerability Scanning
if: github.repository_owner == 'submariner-io'
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- name: Check out the repository
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/system.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ name: System Tests
on:
pull_request:

permissions: {}

jobs:
system-test:
name: Subctl Commands
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/unit.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ on:
tags:
- 'v**'

permissions: {}

jobs:
unit-testing:
name: Go Unit Tests
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/upgrade-e2e.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ on:
types: [ready_for_review, opened, reopened, synchronize, converted_to_draft, labeled]
branches: [devel]

permissions: {}

jobs:
upgrade-e2e:
name: Latest Release to Latest Version
Expand Down