Merge pull request #90 from github/workflow-permissions
Address security concerns with workflows
elrayle authored Dec 19, 2024
2 parents acea5bc + 07858f6 commit adaedbc
Showing 3 changed files with 14 additions and 5 deletions.
11 changes: 7 additions & 4 deletions .github/workflows/fetch-licenses.yaml
Expand Up @@ -13,13 +13,16 @@ on:
jobs:
fetch-licenses:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write

steps:
- name: Setup Git
run: |
git config --global user.name "GitHub Actions"
git config --global user.email "github-actions[bot]@users.noreply.github.com"
- name: Checkout this repository
uses: actions/checkout@v4

Expand All @@ -37,7 +40,7 @@ jobs:
- name: Get date
id: date
run: echo "DT_STAMP"=$(date +'%Y-%m-%d %H:%M UTC') >> $GITHUB_ENV

- name: Check for changes
id: changes
run: |
Expand All @@ -54,7 +57,7 @@ jobs:
fi
fi
echo "HAS_CHANGES"=$has_changes >> $GITHUB_ENV
- name: Run license extraction
if: ${{ env.HAS_CHANGES == 'true' || github.event.inputs.force_run == 'true' }}
run: |
Expand All @@ -66,7 +69,7 @@ jobs:
- name: Create Pull Request
if: ${{ env.HAS_CHANGES == 'true' || github.event.inputs.force_run == 'true' }}
uses: peter-evans/create-pull-request@v7
uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
with:
token: ${{ secrets.GITHUB_TOKEN }}
commit-message: Add updated license files
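Review bot: The new SHA pin on `peter-evans/create-pull-request` carries no trailing comment naming the release it was taken from, so nobody reading the workflow can tell which version runs or judge a later bump; the `golangci/golangci-lint-action` pin in `.github/workflows/lint.yaml` has the same gap. I would append the tag as a comment, e.g. `uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.x.y`, where `v7.x.y` is a placeholder to be replaced with the tag that SHA resolves to upstream (the page only shows the old `@v7`). Separately, `actions/checkout@v4` in the first hunk stays on a mutable tag inside the job that now holds `contents: write` and `pull-requests: write`; if the goal is that everything running with the write token is immutable, that step needs a SHA too. The job's step list continues outside the visible hunks, so other `uses:` lines may need the same check.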
5 changes: 4 additions & 1 deletion .github/workflows/lint.yaml
Expand Up @@ -5,6 +5,9 @@ on:
branches: [main]
pull_request: {}

permissions:
contents: read

jobs:
build:
strategy:
Expand All @@ -18,7 +21,7 @@ jobs:
go-version: "1.18.5"

- name: golangci-lint
uses: golangci/golangci-lint-action@v6.1.1
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8
with:
version: v1.47.3
args: --verbose --config .golangci.yaml
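Review bot: Pinning `golangci/golangci-lint-action` to a commit fixes the action's own code but not the tool it installs: with `version: v1.47.3` the action, as far as I know, downloads the golangci-lint release binary at run time, so that download is still resolved by tag. With the new workflow-level `contents: read` the exposure is limited to the lint job itself, but the distinction is worth recording next to the pin, for example `# SHA pins the action only; golangci-lint v1.47.3 is fetched at run time`. The step above it (only its `go-version: "1.18.5"` input is visible) has its `uses:` line outside the hunk, so whether it is pinned cannot be confirmed from here.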
3 changes: 3 additions & 0 deletions .github/workflows/test.yaml
Expand Up @@ -5,6 +5,9 @@ on:
branches: [main]
pull_request: {}

permissions:
contents: read

jobs:
test:
strategy:
