chore: update permissions for actions
		
					parent
					
						
							
								886aa74d6c
							
						
					
				
			
			
				commit
				
					
						e60e5f68a1
					
				
			
		
					 5 changed files with 23 additions and 23 deletions
				
			
		
							
								
								
									
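--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,6 +1,3 @@
-# Basic dependabot.yml file with
-# minimum configuration for two package managers
-
 version: 2
 updates:
   # Enable version updates for cargo
@@ -9,26 +6,6 @@ updates:
     schedule:
       interval: "daily"
 
-  - package-ecosystem: "cargo"
-    directory: "/rpxy-bin"
-    schedule:
-      interval: "daily"
-
-  - package-ecosystem: "cargo"
-    directory: "/rpxy-lib"
-    schedule:
-      interval: "daily"
-
-  - package-ecosystem: "cargo"
-    directory: "/rpxy-certs"
-    schedule:
-      interval: "daily"
-
-  - package-ecosystem: "cargo"
-    directory: "/rpxy-acme"
-    schedule:
-      interval: "daily"
-
   # Enable version updates for Docker
   - package-ecosystem: "docker"
     directory: "/docker"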
							
								
								
									
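--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -5,6 +5,9 @@ on:
   pull_request:
     types: [synchronize, opened]
 
+permissions:
+  contents: read
+
 env:
   CARGO_TERM_COLOR: always
 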
							
								
								
									
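--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -14,6 +14,10 @@ on:
 
 jobs:
   on-success:
+    permissions:
+      contents: read
+      packages: read
+
     runs-on: ubuntu-latest
     if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }} || ${{ github.event_name == 'repositry_dispatch' }}
     strategy:
@@ -98,12 +102,18 @@ jobs:
           path: "/tmp/${{ steps.set-env.outputs.target_name }}"
 
   on-failure:
+    permissions:
+      contents: read
+
     runs-on: ubuntu-latest
     if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'failure' }}
     steps:
       - run: echo 'The release triggering workflows failed'
 
   release:
+    permissions:
+      contents: write
+
     runs-on: ubuntu-latest
     if: ${{ github.event_name == 'repository_dispatch' }}
     needs: on-success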
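Review bot: The `if:` on `on-success` joins two separate `${{ }}` expressions with a literal ` || ` between them; GitHub Actions renders that as a non-empty string, so the condition is always truthy and the job is not actually gated, and the second operand compares against `'repositry_dispatch'`, which can never equal the `repository_dispatch` event name. Because the gate does not hold, the job runs with the `contents: read` / `packages: read` token on every trigger of this workflow, so the condition is worth fixing in the same pass as the permissions: `if: ${{ (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success') || github.event_name == 'repository_dispatch' }}`. The same split-expression form appears on `build_and_push` in `.github/workflows/release_docker.yml`, which this commit grants `packages: write`. Both job bodies continue outside the hunks shown, so the steps themselves were not reviewed.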
							
								
								
									
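--- a/.github/workflows/release_docker.yml
+++ b/.github/workflows/release_docker.yml
@@ -16,6 +16,10 @@ env:
 
 jobs:
   build_and_push:
+    permissions:
+      contents: read
+      packages: write
+
     runs-on: ubuntu-22.04
     if: ${{ github.event_name == 'push' }} || ${{ github.event_name == 'pull_request' && github.event.pull_request.merged == true }}
     strategy:
@@ -199,6 +203,10 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
 
   dispatch_release_event:
+    permissions:
+      contents: write
+      actions: write
+
     runs-on: ubuntu-latest
     if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref == 'develop' && github.event.pull_request.base.ref == 'main' && github.event.pull_request.merged == true }}
     needs: build_and_push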
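Review bot: `dispatch_release_event` is granted both `contents: write` and `actions: write`, and nothing visible in the hunk shows that both scopes are used. If the job only sends a `repository_dispatch` event with the workflow token, `contents: write` is the scope that call needs and `actions: write` can probably be dropped; confirm against the steps, which lie outside the hunk. A short comment above the block, for example `# contents: write is needed to create the repository_dispatch event`, would record why a write scope sits on a job triggered by `pull_request`.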
							
								
								
									
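--- a/.github/workflows/shift_left.yml
+++ b/.github/workflows/shift_left.yml
@@ -7,6 +7,8 @@ on:
 
 jobs:
   Scan-Build:
+    permissions:
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4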
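Review bot: `actions/checkout@v4` in `Scan-Build` is referenced by a mutable tag, so the code that receives the now read-only token is whatever that tag points to at run time. Pinning the step to a full commit SHA, `- uses: actions/checkout@<full-commit-sha>  # v4`, fixes its content and fits the least-privilege intent of the added `permissions` block. If no later step needs git credentials, adding `with:` / `persist-credentials: false` to the checkout would also keep the token out of the workspace's git config. The rest of the job's steps are outside the hunk, so whether a scanner there needs a further scope (for example to upload results) could not be checked.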
	
	 Jun Kurihara
				Jun Kurihara