From f0c40a0e05900c0f1f0bfcfa21c2fffba5b37efd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Mon, 17 Jun 2024 10:52:45 +0200 Subject: [PATCH] ci: set write permissions explicitly for jobs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: László Várady --- .github/workflows/axosyslog-charts-release.yml | 2 ++ .github/workflows/axosyslog-docker.yml | 2 ++ .github/workflows/axosyslog-image-snapshot.yml | 1 + .github/workflows/axosyslog-nightly.yml | 2 ++ .github/workflows/axosyslog-stable.yml | 2 ++ .github/workflows/comment-on-version-bump-pr.yml | 2 ++ .github/workflows/dbld-images.yml | 2 ++ .github/workflows/draft-release.yml | 1 + .github/workflows/version-bump.yml | 2 ++ 9 files changed, 16 insertions(+) diff --git a/.github/workflows/axosyslog-charts-release.yml b/.github/workflows/axosyslog-charts-release.yml index c56daba7f8..d32d2362f6 100644 --- a/.github/workflows/axosyslog-charts-release.yml +++ b/.github/workflows/axosyslog-charts-release.yml @@ -1,5 +1,7 @@ name: AxoSyslog charts release +permissions: write-all + on: push: paths: diff --git a/.github/workflows/axosyslog-docker.yml b/.github/workflows/axosyslog-docker.yml index 5552ecf8cd..b4618b5f5f 100644 --- a/.github/workflows/axosyslog-docker.yml +++ b/.github/workflows/axosyslog-docker.yml @@ -1,5 +1,7 @@ name: AxoSyslog Docker image builder +permissions: write-all + on: workflow_call: inputs: diff --git a/.github/workflows/axosyslog-image-snapshot.yml b/.github/workflows/axosyslog-image-snapshot.yml index 8501e90540..c15b8ef03c 100644 --- a/.github/workflows/axosyslog-image-snapshot.yml +++ b/.github/workflows/axosyslog-image-snapshot.yml @@ -42,6 +42,7 @@ jobs: path: dbld/build/*.tar.* publish-image: + permissions: write-all uses: ./.github/workflows/axosyslog-docker.yml needs: tarball with: diff --git a/.github/workflows/axosyslog-nightly.yml b/.github/workflows/axosyslog-nightly.yml index cbfaae77c4..a0eefe1ca0 100644 --- a/.github/workflows/axosyslog-nightly.yml +++ b/.github/workflows/axosyslog-nightly.yml @@ -1,5 +1,7 @@ name: AxoSyslog nightly +permissions: write-all + on: workflow_dispatch: schedule: diff --git a/.github/workflows/axosyslog-stable.yml b/.github/workflows/axosyslog-stable.yml index fa818adbd0..6ef2003b97 100644 --- a/.github/workflows/axosyslog-stable.yml +++ b/.github/workflows/axosyslog-stable.yml @@ -4,6 +4,8 @@ name: AxoSyslog stable +permissions: write-all + on: workflow_dispatch: push: diff --git a/.github/workflows/comment-on-version-bump-pr.yml b/.github/workflows/comment-on-version-bump-pr.yml index 22bed75416..d976a9128e 100644 --- a/.github/workflows/comment-on-version-bump-pr.yml +++ b/.github/workflows/comment-on-version-bump-pr.yml @@ -8,6 +8,8 @@ name: Comment on version bump PR +permissions: write-all + on: push: branches: diff --git a/.github/workflows/dbld-images.yml b/.github/workflows/dbld-images.yml index 9f5df371f7..e5d7d85437 100644 --- a/.github/workflows/dbld-images.yml +++ b/.github/workflows/dbld-images.yml @@ -1,5 +1,7 @@ name: Compile dbld-images +permissions: write-all + on: pull_request: paths: diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml index 404ae462b3..4d6b05accd 100644 --- a/.github/workflows/draft-release.yml +++ b/.github/workflows/draft-release.yml @@ -14,6 +14,7 @@ name: Draft release +permissions: write-all on: workflow_dispatch: diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index d38bab3606..9537e5e6fb 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -23,6 +23,8 @@ name: Version bump +permissions: write-all + on: workflow_dispatch: inputs: