Commit 01d7f1f

CI: Set workflow permissions
Advised by the GH CodeQL scanner

(cherry picked from commit ce3b4ad)

# Conflicts:
#	.github/workflows/backport.yml
#	.github/workflows/brakeman-analysis.yml
#	.github/workflows/build_test.yml
#	.github/workflows/lint.yml
1 parent 83bf9dc commit 01d7f1f

4 files changed

+21
-1
lines changed

.github/workflows/brakeman-analysis.yml

+7
@@ -3,6 +3,13 @@
33

44
name: Brakeman Scan
55

6+
concurrency:
7+
group: brakeman-${{ github.ref_name }}
8+
cancel-in-progress: ${{ github.ref_name != 'main' }}
9+
10+
permissions:
11+
contents: read
12+
613
on:
714
push:
815
branches:
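
Review bot: the `concurrency` block at new lines 6-8 is outside what the commit subject ("Set workflow permissions") describes, and this file is on the Conflicts list, so please confirm it was meant to come along with the cherry-pick rather than slipping in during conflict resolution. If it stays, `cancel-in-progress: ${{ github.ref_name != 'main' }}` only exempts `main`, so on a stable branch such as the `7.0-stable` seen in test.yml a new push will cancel the scan still running for the previous push. On the permissions block itself: a workflow-level `permissions: contents: read` sets every unlisted scope to none, so if any job in this workflow uploads results to code scanning it will need `security-events: write` granted on that job.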

.github/workflows/lint.yml

+7
@@ -2,6 +2,13 @@ name: Lint
22

33
on: [pull_request]
44

5+
concurrency:
6+
group: lint-${{ github.ref_name }}
7+
cancel-in-progress: ${{ github.ref_name != 'main' }}
8+
9+
permissions:
10+
contents: read
11+
512
jobs:
613
Standard:
714
runs-on: ubuntu-22.04
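
Review bot: the condition in `cancel-in-progress: ${{ github.ref_name != 'main' }}` (new line 7) can never be false here, because this workflow runs only `on: [pull_request]`, where `github.ref_name` is the pull request merge ref (`<number>/merge`) and never `main`. Writing `cancel-in-progress: true` says the same thing without suggesting a `main` exemption that does not exist. The `permissions: contents: read` block is fine for a lint job that only checks out code; if a step in `Standard` posts annotations or review comments through the API, it will need the matching write scope on that job.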

.github/workflows/stale.yml

+4-1
@@ -4,10 +4,13 @@ on:
44
schedule:
55
- cron: "0 0 * * *"
66

7+
permissions:
8+
pull-requests: write
9+
issues: write
10+
711
jobs:
812
stale:
913
runs-on: ubuntu-22.04
10-
1114
steps:
1215
- uses: actions/stale@v5
1316
with:
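
Review bot: the write scopes at new lines 7-9 are granted at workflow level, so any job added to this file later inherits `pull-requests: write` and `issues: write`; moving the block under `jobs.stale` keeps the grant on the one job that needs it. Since this job now runs on a schedule with a write-capable token, `uses: actions/stale@v5` is worth pinning to a full commit SHA instead of the mutable `v5` tag. The blank line removed at old line 10 is an unrelated whitespace change and could be dropped from the backport.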

.github/workflows/test.yml

+3
@@ -6,6 +6,9 @@ on:
66
- 7.0-stable
77
pull_request:
88

9+
permissions:
10+
contents: read
11+
912
jobs:
1013
RSpec:
1114
runs-on: ubuntu-22.04
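
Review bot: this file gets `permissions: contents: read` at new lines 9-10 but no `concurrency` group, while brakeman-analysis.yml and lint.yml in the same commit get both, so the workflows are now inconsistent. Either add the group here too or drop it from the other two if it was not intended for this branch. Also check that no step in `RSpec` relies on a token scope beyond reading the repository, since every unlisted scope is now none for both the push and `pull_request` triggers.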
