author | Brent Pendergraft <pendergraft@github.com> | 2025-04-10 22:16:09 +0000 |
---|---|---|
committer | Brent Pendergraft <pendergraft@github.com> | 2025-04-10 22:16:09 +0000 |
commit | b074c3ffbd5d55f035dcb4e483f126cc10789308 (patch) | |
tree | bd6b047914c3602c4410ed202a20614dcdd1628e | |
parent | 1cd73ab20b4ba8355d380bd1f422ddf49c47a7af (diff) | |
include permissions on all GitHub Actions workflows
-rw-r--r-- | .github/workflows/add-to-project.yml | 5 | ||||
-rw-r--r-- | .github/workflows/check-for-spammy-issues.yml | 5 | ||||
-rw-r--r-- | .github/workflows/copy-documentation-issue.yml | 8 | ||||
-rw-r--r-- | .github/workflows/copy-feature-issue.yml | 3 | ||||
-rw-r--r-- | .github/workflows/linter.yml | 2 | ||||
-rw-r--r-- | .github/workflows/release-notifier.yml | 1 | ||||
-rw-r--r-- | .github/workflows/release.yml | 6 |
7 files changed, 23 insertions, 7 deletions
diff --git a/.github/workflows/add-to-project.yml b/.github/workflows/add-to-project.yml
index 741899588..fc4eefcca 100644
--- a/.github/workflows/add-to-project.yml
+++ b/.github/workflows/add-to-project.yml
@@ -1,4 +1,7 @@ name: Add issues to API team project +permissions: + issues: write + contents: read on: issues:
@@ -13,4 +16,4 @@ jobs: - uses: actions/add-to-project@main with: project-url: https://github.com/orgs/github/projects/8014 - github-token: ${{ secrets.ADD_TO_PROJECT_TOKEN }}
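Review bot: In add-to-project.yml the new `issues: write` grant looks unused: the only step visible in this file (in its second hunk) authenticates with `secrets.ADD_TO_PROJECT_TOKEN`, and a `permissions:` block only scopes the workflow's own `GITHUB_TOKEN`. If no step outside the two hunks uses that token, `permissions: {}` (the form this commit gives release-notifier.yml) would be the tighter setting; the same question applies to `issues: write` in copy-documentation-issue.yml and copy-feature-issue.yml, whose jobs are not shown. That visible step also runs `actions/add-to-project@main`, a mutable ref that is handed the secret, so pinning it as `- uses: actions/add-to-project@<full-commit-sha>` would cover what the permissions block cannot.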
\ No newline at end of file + github-token: ${{ secrets.ADD_TO_PROJECT_TOKEN }}
diff --git a/.github/workflows/check-for-spammy-issues.yml b/.github/workflows/check-for-spammy-issues.yml
index ab6dd48b3..a0acc6607 100644
--- a/.github/workflows/check-for-spammy-issues.yml
+++ b/.github/workflows/check-for-spammy-issues.yml
@@ -1,5 +1,8 @@ name: Check for Spammy Issues - +permissions: + issues: write + pull-requests: write + contents: read # **What it does**: This action closes low value pull requests in the open-source repository. # **Why we have it**: We get lots of spam in the open-source repository. # **Who does it impact**: Open-source contributors.
diff --git a/.github/workflows/copy-documentation-issue.yml b/.github/workflows/copy-documentation-issue.yml
index 39512ba88..8d2b3cc92 100644
--- a/.github/workflows/copy-documentation-issue.yml
+++ b/.github/workflows/copy-documentation-issue.yml
@@ -1,11 +1,13 @@ # When the `documentation` label is added for documentation issues, -# this workflow copies the issue to the API team repo which can then -# be transferred to the feature team that owns the problem endpoint +# this workflow copies the issue to the API team repo which can then +# be transferred to the feature team that owns the problem endpoint # so they can resolve the documentation problem # (we do not transfer the original issue so that the issue does not disappear for the contributor) name: Copy documentation issue - +permissions: + issues: write + contents: read on: issues: types:
diff --git a/.github/workflows/copy-feature-issue.yml b/.github/workflows/copy-feature-issue.yml
index 01cf81567..20c6af325 100644
--- a/.github/workflows/copy-feature-issue.yml
+++ b/.github/workflows/copy-feature-issue.yml
@@ -1,4 +1,7 @@ name: Copy feature issue +permissions: + issues: write + contents: read on: issues:
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index d51c8d4b5..e9b8c9d2f 100644
--- a/.github/workflows/linter.yml
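Review bot: The `issues: write` and `pull-requests: write` grants in check-for-spammy-issues.yml apply to every job in the workflow and carry no stated reason, while the header comment just below them mentions only closing pull requests. Because this workflow acts on submissions from outside contributors, a short comment per scope would make later review easier, for example `issues: write # close and label spam issues` (wording to be confirmed against the job), and the block could move under the one job that needs it. The trigger and job steps lie outside the hunk, so whether `contents: read` is used at all cannot be checked from here.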
+++ b/.github/workflows/linter.yml
@@ -1,5 +1,7 @@ --- name: Lint OpenAPI Descriptions +permissions: + contents: read on: - push
diff --git a/.github/workflows/release-notifier.yml b/.github/workflows/release-notifier.yml
index c5869c7c3..7d826afb9 100644
--- a/.github/workflows/release-notifier.yml
+++ b/.github/workflows/release-notifier.yml
@@ -1,4 +1,5 @@ name: Release Notifier +permissions: {} on: release: types:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a7032a8ed..b623fd130 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,7 +5,9 @@ on: - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10 name: Release and Upload Assets - +permissions: + contents: write + jobs: build: name: Release and Upload Assets
@@ -32,7 +34,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: - upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps + upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps asset_path: ./descriptions.zip asset_name: descriptions.zip asset_content_type: application/zip |