ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Explicit permissions for GITHUB_TOKEN where write is needed

Browse Source 
The default GITHUB_TOKEN permissions will be set to read-only. See https://sonarsource.atlassian.net/browse/SSF-619 for background information.
This commit is contained in:
Michael Jabbour 2024-09-18 12:03:16 +02:00 committed by GitHub
parent 3445da4ee7
commit 765538f971
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/add_language.yml vendored
View File

@ -15,6 +15,9 @@ on:
jobs: jobs:
add_language_to_rule: add_language_to_rule:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

3
.github/workflows/create_new_rspec.yml vendored
View File

@ -12,6 +12,9 @@ on:
jobs: jobs:
create_new_rule: create_new_rule:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

3
.github/workflows/update_quickfix_status.yml vendored
View File

@ -26,6 +26,9 @@ jobs:
update_quickfix_status: update_quickfix_status:
name: Update quick fix status name: Update quick fix status
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
permissions:
contents: write
pull-requests: write
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps: steps: