Merge pull request #3232 from eddie-knight/fix/workflow-permissions

Additional workflow permissions tweaks
pull/3236/head
Stefan Prodan 2 years ago committed by GitHub
commit 6f6c097980
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -8,11 +8,11 @@ permissions:
contents: read contents: read
jobs: jobs:
build-push:
runs-on: ubuntu-latest
permissions: permissions:
id-token: write # needed for keyless signing id-token: write # needed for keyless signing
packages: write # needed for ghcr access packages: write # needed for ghcr access
build-push:
runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Setup Kustomize - name: Setup Kustomize
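Review bot: A job-level `permissions` block replaces the workflow-level one instead of merging with it, so `build-push` gets only `id-token: write` and `packages: write`, and the top-level `contents: read` no longer applies to that job. The checkout step then works only while the repository is publicly readable; adding `contents: read # needed for checkout` to the job block makes the token scope explicit. The same applies to the `codeql` job in the third hunk, which lists only `security-events: write`. This rendering lost the +/- markers and the indentation, so also confirm that on the new side `permissions:` is nested under `build-push:` and not directly under `jobs:`. The job's steps continue outside the hunk.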

@ -5,9 +5,7 @@ on:
tags: [ 'v*' ] tags: [ 'v*' ]
permissions: permissions:
contents: write # needed to write releases contents: read
id-token: write # needed for keyless signing
packages: write # needed for ghcr access
jobs: jobs:
goreleaser: goreleaser:
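Review bot: Once the workflow-level block is reduced to `contents: read`, the `goreleaser` job has to declare `contents: write`, `id-token: write` and `packages: write` itself, and no job-level block is visible in this hunk. If it is missing, writing releases, keyless signing and ghcr pushes would run with a read-only token and fail. If it exists further down, the three "needed for" comments removed here should live next to it, so the reason for each write scope stays documented. The `goreleaser` job body starts on the hunk's last line and continues outside it.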

@ -51,10 +51,10 @@ jobs:
sarif_file: snyk.sarif sarif_file: snyk.sarif
codeql: codeql:
permissions:
security-events: write # for codeQL to write security events
name: CodeQL name: CodeQL
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
security-events: write # for codeQL to write security events
if: github.actor != 'dependabot[bot]' if: github.actor != 'dependabot[bot]'
steps: steps:
- name: Checkout repository - name: Checkout repository
