GitHub Workflows security hardening (#14799)

* build: harden update_frontend.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>

* build: harden update_zhc.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>

* build: harden ghcr_cleanup.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>

* build: harden update_zh.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>

Signed-off-by: Alex <aleksandrosansan@gmail.com>
This commit is contained in:
Alex
2022-11-05 15:21:55 +02:00
committed by GitHub
parent 360a777a4e
commit e66fe8534e
4 changed files with 16 additions and 0 deletions
+1
View File
@@ -3,6 +3,7 @@ on:
name: GHCR cleanup
permissions: {}
jobs:
build:
runs-on: ubuntu-latest
+5
View File
@@ -3,8 +3,13 @@ on:
repository_dispatch:
types: update_frontend
permissions: {}
jobs:
update_frontend:
permissions:
contents: write # to create branch (peter-evans/create-pull-request)
pull-requests: write # to create a PR (peter-evans/create-pull-request)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
+5
View File
@@ -3,8 +3,13 @@ on:
repository_dispatch:
types: update_zh
permissions: {}
jobs:
update_zh:
permissions:
contents: write # to create branch (peter-evans/create-pull-request)
pull-requests: write # to create a PR (peter-evans/create-pull-request)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
+5
View File
@@ -3,8 +3,13 @@ on:
repository_dispatch:
types: update_zhc
permissions: {}
jobs:
update_zhc:
permissions:
contents: write # to create branch (peter-evans/create-pull-request)
pull-requests: write # to create a PR (peter-evans/create-pull-request)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3