Adds explicit permissions to workflows
Specifies explicit permissions for GitHub Actions workflows to enhance security and control access to resources.
This ensures that each workflow only has the necessary permissions, following the principle of least privilege.
pull/4854/head
Daniel Gibbs
4 months ago
8 changed files with
22 additions and
0 deletions
.github/workflows/add-to-project.yml
.github/workflows/details-check.yml
.github/workflows/git-sync.yml
.github/workflows/potential-duplicates.yml
.github/workflows/serverlist-validate.yml
.github/workflows/trigger-docker-build.yml
.github/workflows/update-check.yml
.github/workflows/update-copyright-years-in-license-file.yml
@ -5,6 +5,8 @@ on:
- opened
- labeled
permissions : {}
jobs:
add-to-project:
if : github.repository_owner == 'GameServerManagers'
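Review bot: The `permissions: {}` line has no comment saying how the `add-to-project` job authenticates once the default GITHUB_TOKEN carries no scopes. The job's steps are outside the hunk, so confirm that they use a dedicated secret rather than the default token; if any step still relies on `github.token`, it will start failing with a permission error. The same check applies to the `permissions: {}` hunks for git-sync.yml, trigger-docker-build.yml and update-check.yml, especially where a step checks out the repository. If the steps do use their own credential, a one-line comment above the key would record the intent, for example `# GITHUB_TOKEN intentionally has no scopes; steps authenticate with their own secret`.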
@ -6,6 +6,9 @@ on:
branches:
- develop
permissions:
contents : read
concurrency:
group : details-check-${{ github.ref_name }}
cancel-in-progress : true
@ -7,6 +7,8 @@ on:
- master
- develop
permissions : {}
jobs:
gitHub-to-bitbucket:
if : github.repository_owner == 'GameServerManagers'
@ -3,6 +3,10 @@ on:
issues:
types:
- opened
permissions:
issues : write
jobs:
potential-duplicates:
if : github.repository_owner == 'GameServerManagers'
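Review bot: `issues: write` is granted at workflow level, so every job and step in this workflow, including any third-party action it calls, gets a write-capable token on an `issues: opened` event that an outside user can trigger. Moving the block under the `potential-duplicates` job (`permissions:` with `issues: write` as job keys) ties the scope to the one job that needs it and keeps a job added later from inheriting it silently. The same applies to `contents: write` and `pull-requests: write` in the update-copyright-years-in-license-file.yml hunk, where the grant is broader. The job bodies continue outside both hunks, so check there whether the actions that receive these tokens are pinned to a commit SHA.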
@ -3,6 +3,9 @@ on:
workflow_dispatch:
push:
permissions:
contents : read
jobs:
serverlist-validate:
if : github.repository_owner == 'GameServerManagers'
@ -6,6 +6,8 @@ on:
types:
- published
permissions : {}
jobs:
trigger_build_docker-linuxgsm:
if : github.repository_owner == 'GameServerManagers'
@ -6,6 +6,8 @@ on:
branches:
- develop
permissions : {}
concurrency:
group : update-check-${{ github.ref_name }}
cancel-in-progress : true
@ -4,6 +4,10 @@ on:
schedule:
- cron : "0 3 1 1 *" # 03:00 AM on January 1
permissions:
contents : write
pull-requests : write
jobs:
update-license-year:
if : github.repository_owner == 'GameServerManagers'