chore(ci): sets base permissions on all workflows #1801

Merged
merged 1 commit into from
Nov 29, 2023

@sthulb (Contributor) commented Nov 23, 2023

Description of your changes

Adds root permissions to the base of every workflow that was missing them.

Related issues, RFCs

Issue number: #1799

Checklist

  • My changes meet the tenets criteria
  • I have performed a self-review of my own code
  • I have commented my code where necessary, particularly in areas that should be flagged with a TODO, or hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my change is effective and works
  • The PR title follows the conventional commit semantics

Breaking change checklist

Is it a breaking change?: NO

  • I have documented the migration process
  • I have added, implemented necessary warnings (if it can live side by side)

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.

adds pull requests write permission

add permissions for packages, id-token

add permissions

add permissions

all the permissions!
@sthulb sthulb requested a review from a team November 23, 2023 16:27
@boring-cyborg boring-cyborg bot added the automation This item relates to automation label Nov 23, 2023
@pull-request-size pull-request-size bot added the size/M PR between 30-99 LOC label Nov 23, 2023
Kudos, SonarCloud Quality Gate passed!

  • Bugs: 0 (A)
  • Vulnerabilities: 0 (A)
  • Security Hotspots: 0 (A)
  • Code Smells: 0 (A)
  • No Coverage information
  • No Duplication information

@@ -32,6 +40,9 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
release_label_on_merge:
permissions:
pull-requests: read
contents: write
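Review bot: `contents: write` on the `release_label_on_merge` job is the widest grant in this hunk, and the lines shown do not indicate which step needs to write repository contents. If the job only labels or comments on issues after a release, `issues: write` with `contents: read` would be the narrower grant; either way, a short comment above the `permissions:` block naming the step that requires each scope would make later widening easier to spot in review.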
Contributor

Can this contents: write be scoped down only to issues?

Contributor

With issues: write yes, but removing content would not prevent from merge, or?

Contributor

@dreamorosi dreamorosi left a comment

Looking good as far as I can tell - left one comment/question only

@sthulb sthulb merged commit 17f9ab0 into main Nov 29, 2023
@sthulb sthulb deleted the chore/tokens branch November 29, 2023 08:25
@sthulb sthulb mentioned this pull request Nov 29, 2023
9 tasks
@dreamorosi dreamorosi linked an issue Nov 29, 2023 that may be closed by this pull request
2 tasks
dreamorosi pushed a commit that referenced this pull request Jan 27, 2024

Successfully merging this pull request may close these issues.

Maintenance: Improve security posture by addressing OpenSSF results
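
A check for the condition this PR addresses, as an added example that is not part of the PR or the project's code: it reports whether a workflow declares top-level `permissions` and which jobs grant `write` scopes. `audit_workflow` is a hypothetical name, the sample workflow is constructed (only the job-level grant mirrors the hunk above), and the line-based parser assumes block-style YAML indented with spaces.

```python
import re

# Constructed sample (not taken from the PR): no top-level permissions and
# one job that grants a write scope, mirroring the hunk discussed above.
SAMPLE = """\
name: release-label
on:
  pull_request:
jobs:
  release_label_on_merge:
    permissions:
      pull-requests: read
      contents: write
    runs-on: ubuntu-latest
  build:
    runs-on: ubuntu-latest
"""

KEY = re.compile(r"^( *)([A-Za-z0-9_-]+):\s*(.*?)\s*$")

def audit_workflow(text):
    """Return (has_base_permissions, {job_id: [scopes granted write]}).

    Assumption: block-style YAML indented with spaces (no flow mappings).
    """
    has_base, writes = False, {}
    section = job = job_indent = child_indent = perm_indent = None
    for raw in text.splitlines():
        m = KEY.match(raw.split(" #", 1)[0])   # drop trailing comments
        if not m:
            continue                            # list items, blanks, comments
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        if indent == 0:                         # top-level key
            section, job, perm_indent = key, None, None
            has_base = has_base or key == "permissions"
        elif section == "jobs":
            job_indent = indent if job_indent is None else job_indent
            if indent == job_indent:            # a job id
                job, child_indent, perm_indent = key, None, None
                writes[job] = []
            elif job is not None:
                child_indent = indent if child_indent is None else child_indent
                if indent == child_indent:      # direct child key of the job
                    perm_indent = indent if key == "permissions" else None
                    if key == "permissions" and value == "write-all":
                        writes[job].append("write-all")
                elif perm_indent is not None and value == "write":
                    writes[job].append(key)     # scope listed under permissions
    return has_base, writes
```

A job with an empty list and no top-level `permissions` falls back to the repository's default token permissions, which is the gap a base `permissions` block closes.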