Home Explore Help
Sign In
CityApper
/
django
mirror of https://github.com/django/django
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Restricted permissions for GitHub tokens.

Mariusz Felisiak 2 years ago
parent
7e5c8fc51f
commit
5f76002500
6 changed files with 20 additions and 0 deletions
Split View Show Diff Stats
  1. 3 0
      .github/workflows/docs.yml
  2. 3 0
      .github/workflows/linters.yml
  3. 4 0
      .github/workflows/new_contributor_pr.yml
  4. 3 0
      .github/workflows/schedule_tests.yml
  5. 4 0
      .github/workflows/schedules.yml
  6. 3 0
      .github/workflows/tests.yml

+ 3 - 0
.github/workflows/docs.yml
View File 

@@ -16,6 +16,9 @@ concurrency:
 
   group: ${{ github.workflow }}-${{ github.ref }}
 
   cancel-in-progress: true
 
 
+permissions:
 
+  contents: read
 
+
 
 jobs:
 
   docs:
 
     # OS must be the same as on djangoproject.com.

+ 3 - 0
.github/workflows/linters.yml
View File 

@@ -14,6 +14,9 @@ concurrency:
 
   group: ${{ github.workflow }}-${{ github.ref }}
 
   cancel-in-progress: true
 
 
+permissions:
 
+  contents: read
 
+
 
 jobs:
 
   flake8:
 
     name: flake8

+ 4 - 0
.github/workflows/new_contributor_pr.yml
View File 

@@ -4,6 +4,10 @@ on:
 
   pull_request_target:
 
     types: [opened]
 
 
+permissions:
 
+  issues: write
 
+  pull-requests: read
 
+
 
 jobs:
 
   build:
 
     name: Hello new contributor

+ 3 - 0
.github/workflows/schedule_tests.yml
View File 

@@ -7,6 +7,9 @@ concurrency:
 
   group: ${{ github.workflow }}-${{ github.ref }}
 
   cancel-in-progress: true
 
 
+permissions:
 
+  contents: read
 
+
 
 jobs:
 
   windows:
 
     runs-on: windows-latest

+ 4 - 0
.github/workflows/schedules.yml
View File 

@@ -5,6 +5,10 @@ on:
 
     - cron: '42 2 * * *'
 
   workflow_dispatch:
 
 
+permissions:
 
+  actions: write
 
+  contents: read
 
+
 
 jobs:
 
   trigger-runs:
 
     runs-on: ubuntu-latest

+ 3 - 0
.github/workflows/tests.yml
View File 

@@ -14,6 +14,9 @@ concurrency:
 
   group: ${{ github.workflow }}-${{ github.ref }}
 
   cancel-in-progress: true
 
 
+permissions:
 
+  contents: read
 
+
 
 jobs:
 
   windows:
 
     runs-on: windows-latest