8000 Add permissions blocks to all workflows · github/vscode-codeql-starter@f00e9cc · GitHub
[go: up one dir, main page]
Skip to content

Commit f00e9cc

Browse files
aeisenbergaeisenberg
committed
Add permissions blocks to all workflows
1 parent d03c783 commit f00e9cc

File tree

3 files changed

+9
-4
lines changed

3 files changed

+9
-4
lines changed

.github/workflows/check-submodule-pointers.yml

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,9 @@ on:
1414
schedule:
1515
- cron: '42 12 * * *'
1616

17+
permissions:
18+
contents: read
19+
1720
jobs:
1821
check-submodules:
1922
runs-on: ubuntu-latest
@@ -22,13 +25,13 @@ jobs:
2225
- uses: actions/checkout@v3
2326

2427
- name: Compare submodule pointers to lgtm.com branch
25-
env:
28+
env:
2629
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
2730
run: |
2831
CODEQL_ACTUAL_SHA="$(git rev-parse @:./ql)"
2932
CODEQL_EXPECTED_SHA="$(gh api repos/github/codeql/git/ref/heads/lgtm.com --jq '.object.sha')"
3033
echo "The ql submodule currently points to $CODEQL_ACTUAL_SHA. The tip of the lgtm.com branch of github/codeql is $CODEQL_EXPECTED_SHA."
31-
if [ "$CODEQL_EXPECTED_SHA" != "$CODEQL_ACTUAL_SHA" ]; then
34+
if [ "$CODEQL_EXPECTED_SHA" != "$CODEQL_ACTUAL_SHA" ]; then
3235
echo "::error:: The ql submodule is out of date with the lgtm.com branch of github/codeql. Expected $CODEQL_EXPECTED_SHA, found $CODEQL_ACTUAL_SHA."
3336
exit 1
3437
fi

.github/workflows/mirror-main-to-master.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,9 @@ on:
66
push:
77
branches: [ main ]
88

9+
permissions:
10+
contents: write
11+
912
jobs:
1013
mirror-main-to-master:
1114
runs-on: ubuntu-latest

.github/workflows/report-failure.yml

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ jobs:
1515
issues: write
1616
steps:
1717
- name: Create issue
18-
env:
18+
env:
1919
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
2020
WORKFLOW_RUN_URL: ${{ github.event.workflow_run.html_url }}
2121
run: |
@@ -24,4 +24,3 @@ jobs:
2424
--repo "$GITHUB_REPOSITORY" \
2525
--title "Submodule pointers out of date: $TODAY" \
2626
--body "Submodule pointer check failed: $WORKFLOW_RUN_URL"
27-

0 commit comments

Comments
 (0)
0