Mirrors/flux2
1
0
Fork 0
mirror of synced 2026-03-14 15:36:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Additional workflow permissions tweaks

Browse Source 
Signed-off-by: Eddie Knight <knight@linux.com>
This commit is contained in:
Eddie Knight
2022-10-20 12:48:05 -05:00
parent 138cba6e57
commit 73692df272
3 changed files with 6 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/release-manifests.yml vendored
View File

@@ -8,11 +8,11 @@ permissions:
contents: read contents: read
jobs: jobs:
permissions:
id-token: write # needed for keyless signing
packages: write # needed for ghcr access
build-push: build-push:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
id-token: write # needed for keyless signing
packages: write # needed for ghcr access
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Setup Kustomize - name: Setup Kustomize

4
.github/workflows/release.yaml vendored
View File

@@ -5,9 +5,7 @@ on:
tags: [ 'v*' ] tags: [ 'v*' ]
permissions: permissions:
contents: write # needed to write releases contents: read
id-token: write # needed for keyless signing
packages: write # needed for ghcr access
jobs: jobs:
goreleaser: goreleaser:

4
.github/workflows/scan.yaml vendored
View File

@@ -51,10 +51,10 @@ jobs:
sarif_file: snyk.sarif sarif_file: snyk.sarif
codeql: codeql:
permissions:
security-events: write # for codeQL to write security events
name: CodeQL name: CodeQL
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
security-events: write # for codeQL to write security events
if: github.actor != 'dependabot[bot]' if: github.actor != 'dependabot[bot]'
steps: steps:
- name: Checkout repository - name: Checkout repository