Additional workflow permissions tweaks

Signed-off-by: Eddie Knight <knight@linux.com>
pull/3232/head
Eddie Knight 2 years ago
parent 138cba6e57
commit 73692df272

@ -8,11 +8,11 @@ permissions:
contents: read contents: read
jobs: jobs:
permissions:
id-token: write # needed for keyless signing
packages: write # needed for ghcr access
build-push: build-push:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
id-token: write # needed for keyless signing
packages: write # needed for ghcr access
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Setup Kustomize - name: Setup Kustomize
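Review bot: The `permissions` block on `build-push` (the `id-token: write` / `packages: write` lines after `runs-on`, which I read as the new side since the page has lost its +/- markers) replaces the workflow-level map rather than extending it, so the top-level `contents: read` no longer applies to this job and every unlisted scope becomes `none`. `actions/checkout@v3` will still work on a public repository but fails on a private one, so I would repeat `contents: read` inside the job block to make the grant explicit. The `codeql` job in the last section has the same shape with only `security-events: write`, and would want `contents: read` (plus `actions: read` on private repositories) next to it. Because this job can mint OIDC tokens and push packages, it would also be worth pinning `actions/checkout` to a full commit SHA instead of the `v3` tag.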

@ -5,9 +5,7 @@ on:
tags: [ 'v*' ] tags: [ 'v*' ]
permissions: permissions:
contents: write # needed to write releases contents: read
id-token: write # needed for keyless signing
packages: write # needed for ghcr access
jobs: jobs:
goreleaser: goreleaser:
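Review bot: Dropping `contents: write`, `id-token: write` and `packages: write` from the workflow level leaves `goreleaser` with only `contents: read` unless the job declares its own block, and the job body lies outside this hunk. The removed comments say those scopes are needed to write releases, for keyless signing and for ghcr access, so without a job-level `permissions:` carrying all three, the tag-triggered release would fail at publish or signing time. If that block is not already present, add it under `goreleaser:` with the same three entries and their comments.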

@ -51,10 +51,10 @@ jobs:
sarif_file: snyk.sarif sarif_file: snyk.sarif
codeql: codeql:
permissions:
security-events: write # for codeQL to write security events
name: CodeQL name: CodeQL
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
security-events: write # for codeQL to write security events
if: github.actor != 'dependabot[bot]' if: github.actor != 'dependabot[bot]'
steps: steps:
- name: Checkout repository - name: Checkout repository
