chore: update permissions for actions
This commit is contained in:
Jun Kurihara
parent
886aa74d6c
commit
e60e5f68a1
5 changed files with 23 additions and 23 deletions
23
.github/dependabot.yml
vendored
23
.github/dependabot.yml
vendored
|
|
@ -1,6 +1,3 @@
|
|||
# Basic dependabot.yml file with
|
||||
# minimum configuration for two package managers
|
||||
|
||||
version: 2
|
||||
updates:
|
||||
# Enable version updates for cargo
|
||||
|
|
@ -9,26 +6,6 @@ updates:
|
|||
schedule:
|
||||
interval: "daily"
|
||||
|
||||
- package-ecosystem: "cargo"
|
||||
directory: "/rpxy-bin"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
|
||||
- package-ecosystem: "cargo"
|
||||
directory: "/rpxy-lib"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
|
||||
- package-ecosystem: "cargo"
|
||||
directory: "/rpxy-certs"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
|
||||
- package-ecosystem: "cargo"
|
||||
directory: "/rpxy-acme"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
|
||||
# Enable version updates for Docker
|
||||
- package-ecosystem: "docker"
|
||||
directory: "/docker"
|
||||
|
|
|
|||
3
.github/workflows/ci.yml
vendored
3
.github/workflows/ci.yml
vendored
|
|
@ -5,6 +5,9 @@ on:
|
|||
pull_request:
|
||||
types: [synchronize, opened]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
env:
|
||||
CARGO_TERM_COLOR: always
|
||||
|
||||
|
|
|
|||
10
.github/workflows/release.yml
vendored
10
.github/workflows/release.yml
vendored
|
|
@ -14,6 +14,10 @@ on:
|
|||
|
||||
jobs:
|
||||
on-success:
|
||||
permissions:
|
||||
contents: read
|
||||
packages: read
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }} || ${{ github.event_name == 'repositry_dispatch' }}
|
||||
strategy:
|
||||
|
|
@ -98,12 +102,18 @@ jobs:
|
|||
path: "/tmp/${{ steps.set-env.outputs.target_name }}"
|
||||
|
||||
on-failure:
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'failure' }}
|
||||
steps:
|
||||
- run: echo 'The release triggering workflows failed'
|
||||
|
||||
release:
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
if: ${{ github.event_name == 'repository_dispatch' }}
|
||||
needs: on-success
|
||||
|
|
|
|||
8
.github/workflows/release_docker.yml
vendored
8
.github/workflows/release_docker.yml
vendored
|
|
@ -16,6 +16,10 @@ env:
|
|||
|
||||
jobs:
|
||||
build_and_push:
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
|
||||
runs-on: ubuntu-22.04
|
||||
if: ${{ github.event_name == 'push' }} || ${{ github.event_name == 'pull_request' && github.event.pull_request.merged == true }}
|
||||
strategy:
|
||||
|
|
@ -199,6 +203,10 @@ jobs:
|
|||
labels: ${{ steps.meta.outputs.labels }}
|
||||
|
||||
dispatch_release_event:
|
||||
permissions:
|
||||
contents: write
|
||||
actions: write
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref == 'develop' && github.event.pull_request.base.ref == 'main' && github.event.pull_request.merged == true }}
|
||||
needs: build_and_push
|
||||
|
|
|
|||
2
.github/workflows/shift_left.yml
vendored
2
.github/workflows/shift_left.yml
vendored
|
|
@ -7,6 +7,8 @@ on:
|
|||
|
||||
jobs:
|
||||
Scan-Build:
|
||||
permissions:
|
||||
contents: read
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue