Mirrors/Stirling-PDF
Mirrors/Stirling-PDF
1
0
Fork 0
mirror of https://github.com/Frooodle/Stirling-PDF.git synced 2025-01-05 00:06:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2534 from Ludy87/token_permissions_2

Browse Source 
[Security] Token permissions no. 2
This commit is contained in:
Anthony Stirling 2024-12-21 23:41:37 +00:00 committed by GitHub
commit fb61fea3e4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
10 changed files with 36 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.github/workflows/PR-Demo-cleanup.yml vendored
View File

@ -4,9 +4,7 @@ on:
pull_request: pull_request:
types: [opened, synchronize, reopened, closed] types: [opened, synchronize, reopened, closed]
permissions: permissions: read-all
contents: write
pull-requests: write
env: env:
SERVER_IP: ${{ secrets.VPS_IP }} # Add this to your GitHub secrets SERVER_IP: ${{ secrets.VPS_IP }} # Add this to your GitHub secrets
@ -15,6 +13,9 @@ env:
jobs: jobs:
cleanup: cleanup:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
if: github.event.action == 'closed' if: github.event.action == 'closed'
steps: steps:

6
.github/workflows/auto-labeler.yml vendored
View File

@ -3,13 +3,13 @@ on:
pull_request_target: pull_request_target:
types: [opened, synchronize] types: [opened, synchronize]
permissions: permissions: read-all
contents: read
pull-requests: write
jobs: jobs:
labeler: labeler:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
pull-requests: write
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2

8
.github/workflows/licenses-update.yml vendored
View File

@ -7,14 +7,14 @@ on:
paths: paths:
- "build.gradle" - "build.gradle"
permissions: permissions: read-all
contents: write
pull-requests: write
jobs: jobs:
generate-license-report: generate-license-report:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2

6
.github/workflows/manage-label.yml vendored
View File

@ -4,14 +4,14 @@ on:
schedule: schedule:
- cron: "30 20 * * *" - cron: "30 20 * * *"
permissions: permissions: read-all
contents: read
issues: write
jobs: jobs:
labeler: labeler:
name: Labeler name: Labeler
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
issues: write
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2

9
.github/workflows/multiOSReleases.yml vendored
View File

@ -4,9 +4,9 @@ on:
workflow_dispatch: workflow_dispatch:
release: release:
types: [created] types: [created]
permissions:
contents: write permissions: read-all
packages: write
jobs: jobs:
build-installers: build-installers:
strategy: strategy:
@ -22,6 +22,9 @@ jobs:
# platform: linux # platform: linux
# ext: deb # ext: deb
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
permissions:
contents: write
packages: write
steps: steps:
- name: Harden Runner - name: Harden Runner

6
.github/workflows/push-docker.yml vendored
View File

@ -7,13 +7,13 @@ on:
- master - master
- main - main
permissions: permissions: read-all
contents: read
packages: write
jobs: jobs:
push: push:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
packages: write
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2

9
.github/workflows/releaseArtifacts.yml vendored
View File

@ -4,12 +4,15 @@ on:
workflow_dispatch: workflow_dispatch:
release: release:
types: [created] types: [created]
permissions:
contents: write permissions: read-all
packages: write
jobs: jobs:
push: push:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: write
packages: write
strategy: strategy:
matrix: matrix:
enable_security: [true, false] enable_security: [true, false]

3
.github/workflows/stale.yml vendored
View File

@ -5,8 +5,7 @@ on:
- cron: "30 0 * * *" - cron: "30 0 * * *"
workflow_dispatch: workflow_dispatch:
permissions: permissions: read-all
contents: read
jobs: jobs:
stale: stale:

2
.github/workflows/swagger.yml vendored
View File

@ -6,6 +6,8 @@ on:
branches: branches:
- master - master
permissions: read-all
jobs: jobs:
push: push:
runs-on: ubuntu-latest runs-on: ubuntu-latest

7
.github/workflows/sync_files.yml vendored
View File

@ -9,13 +9,14 @@ on:
- "src/main/resources/messages_*.properties" - "src/main/resources/messages_*.properties"
- "scripts/ignore_translation.toml" - "scripts/ignore_translation.toml"
permissions: permissions: read-all
contents: write
pull-requests: write
jobs: jobs:
sync-readme: sync-readme:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2