ci: Add GitHub token permissions for workflows

Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
master
Varun Sharma 2022-07-04 13:48:23 -07:00 committed by GitHub
parent 6a40de444b
commit d28102ad75
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 26 additions and 0 deletions


@ -840,6 +840,9 @@ env:
zstd zstd
zydis zydis
permissions:
contents: read
jobs: jobs:
autobump: autobump:
if: github.repository == 'Homebrew/homebrew-core' if: github.repository == 'Homebrew/homebrew-core'
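Review bot: The workflow-level `permissions: contents: read` added before `jobs:` makes GITHUB_TOKEN read-only for every job and sets every unlisted scope to none, yet the `autobump` job name suggests it opens bump pull requests. The job's steps are outside this hunk, so it is not visible whether writes go through a separate token secret; if any step falls back to GITHUB_TOKEN, it will presumably be denied now. The same question applies to the `autopublish`, `upload`, `remove-disabled-formulae` and `triage` sections of this commit. A comment above the block would record the assumption, e.g. `# GITHUB_TOKEN is read-only; write operations use <token secret name>`.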


@ -13,6 +13,9 @@ concurrency:
env: env:
HOMEBREW_FORCE_HOMEBREW_ON_LINUX: 1 HOMEBREW_FORCE_HOMEBREW_ON_LINUX: 1
permissions:
contents: read
jobs: jobs:
autopublish: autopublish:
if: github.repository == 'Homebrew/homebrew-core' if: github.repository == 'Homebrew/homebrew-core'


@ -26,6 +26,9 @@ env:
HOMEBREW_NO_AUTO_UPDATE: 1 HOMEBREW_NO_AUTO_UPDATE: 1
HOMEBREW_CHANGE_ARCH_TO_ARM: 1 HOMEBREW_CHANGE_ARCH_TO_ARM: 1
permissions:
contents: read
jobs: jobs:
prepare: prepare:
runs-on: ubuntu-latest runs-on: ubuntu-latest


@ -18,6 +18,9 @@ env:
HOMEBREW_DEVELOPER: 1 HOMEBREW_DEVELOPER: 1
HOMEBREW_NO_AUTO_UPDATE: 1 HOMEBREW_NO_AUTO_UPDATE: 1
permissions:
contents: read
jobs: jobs:
upload: upload:
runs-on: ${{github.event.inputs.self_hosted == 'true' && 'linux-self-hosted-1' || 'ubuntu-latest'}} runs-on: ${{github.event.inputs.self_hosted == 'true' && 'linux-self-hosted-1' || 'ubuntu-latest'}}


@ -10,6 +10,9 @@ concurrency:
group: recreate-linux-runners group: recreate-linux-runners
cancel-in-progress: true cancel-in-progress: true
permissions:
contents: read
jobs: jobs:
recreate: recreate:
if: github.repository == 'Homebrew/homebrew-core' if: github.repository == 'Homebrew/homebrew-core'


@ -12,6 +12,9 @@ concurrency:
group: remove-disabled-formulae group: remove-disabled-formulae
cancel-in-progress: true cancel-in-progress: true
permissions:
contents: read
jobs: jobs:
remove-disabled-formulae: remove-disabled-formulae:
if: startsWith(github.repository, 'Homebrew/') if: startsWith(github.repository, 'Homebrew/')


@ -16,6 +16,9 @@ concurrency:
group: "tests-${{ github.ref }}" group: "tests-${{ github.ref }}"
cancel-in-progress: ${{ github.event_name == 'pull_request' }} cancel-in-progress: ${{ github.event_name == 'pull_request' }}
permissions:
contents: read
jobs: jobs:
tap_syntax: tap_syntax:
if: github.repository == 'Homebrew/homebrew-core' if: github.repository == 'Homebrew/homebrew-core'
@ -40,6 +43,8 @@ jobs:
id: formulae-detect id: formulae-detect
setup_tests: setup_tests:
permissions:
pull-requests: read
if: github.event_name == 'pull_request' && github.repository == 'Homebrew/homebrew-core' if: github.event_name == 'pull_request' && github.repository == 'Homebrew/homebrew-core'
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: tap_syntax needs: tap_syntax
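Review bot: The job-level `permissions: pull-requests: read` on `setup_tests` replaces the workflow-level block rather than adding to it, so this job's GITHUB_TOKEN has `contents: none`, not `contents: read`. If that is intended, say so in a comment such as `# job-level permissions override the workflow default; contents is none here`; if a step in the job reads repository contents through the API with GITHUB_TOKEN, add `contents: read` next to `pull-requests: read`. The job's steps continue outside the hunk, so which case applies cannot be confirmed from here.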


@ -6,6 +6,9 @@ concurrency:
group: "triage-${{ github.event.number }}" group: "triage-${{ github.event.number }}"
cancel-in-progress: true cancel-in-progress: true
permissions:
contents: read
jobs: jobs:
triage: triage:
runs-on: ubuntu-latest runs-on: ubuntu-latest