Merge pull request #3741 from sashashura/patch-1
GitHub Workflows security hardening
This commit is contained in:
commit
0e18af15f8
6 changed files with 25 additions and 0 deletions
6
.github/workflows/build.yml
vendored
6
.github/workflows/build.yml
vendored
|
@ -16,6 +16,9 @@ on:
|
|||
env:
|
||||
DOCKERHUB_SLUG: distribution/distribution
|
||||
|
||||
permissions:
|
||||
contents: read # to fetch code (actions/checkout)
|
||||
|
||||
jobs:
|
||||
test:
|
||||
runs-on: ubuntu-latest
|
||||
|
@ -45,6 +48,9 @@ jobs:
|
|||
directory: ./
|
||||
|
||||
build:
|
||||
permissions:
|
||||
contents: write # to create GitHub release (softprops/action-gh-release)
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
needs:
|
||||
- test
|
||||
|
|
7
.github/workflows/codeql-analysis.yml
vendored
7
.github/workflows/codeql-analysis.yml
vendored
|
@ -15,8 +15,15 @@ on:
|
|||
- 'v*'
|
||||
pull_request:
|
||||
|
||||
permissions:
|
||||
contents: read # to fetch code (actions/checkout)
|
||||
|
||||
jobs:
|
||||
analyze:
|
||||
permissions:
|
||||
contents: read # to fetch code (actions/checkout)
|
||||
security-events: write # to upload SARIF results (github/codeql-action/analyze)
|
||||
|
||||
name: Analyze
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
|
|
3
.github/workflows/conformance.yml
vendored
3
.github/workflows/conformance.yml
vendored
|
@ -8,6 +8,9 @@ on:
|
|||
pull_request:
|
||||
push:
|
||||
|
||||
permissions:
|
||||
contents: read # to fetch code (actions/checkout)
|
||||
|
||||
jobs:
|
||||
run-conformance-test:
|
||||
runs-on: ubuntu-latest
|
||||
|
|
3
.github/workflows/e2e.yml
vendored
3
.github/workflows/e2e.yml
vendored
|
@ -11,6 +11,9 @@ on:
|
|||
- 'release/*'
|
||||
pull_request:
|
||||
|
||||
permissions:
|
||||
contents: read # to fetch code (actions/checkout)
|
||||
|
||||
jobs:
|
||||
run-e2e-test:
|
||||
runs-on: ubuntu-latest
|
||||
|
|
3
.github/workflows/fossa.yml
vendored
3
.github/workflows/fossa.yml
vendored
|
@ -8,6 +8,9 @@ on:
|
|||
- pull_request
|
||||
- push
|
||||
|
||||
permissions:
|
||||
contents: read # to fetch code (actions/checkout)
|
||||
|
||||
jobs:
|
||||
scan-license:
|
||||
runs-on: ubuntu-latest
|
||||
|
|
3
.github/workflows/validate.yml
vendored
3
.github/workflows/validate.yml
vendored
|
@ -13,6 +13,9 @@ on:
|
|||
- 'v*'
|
||||
pull_request:
|
||||
|
||||
permissions:
|
||||
contents: read # to fetch code (actions/checkout)
|
||||
|
||||
jobs:
|
||||
validate:
|
||||
runs-on: ubuntu-latest
|
||||
|
|
Loading…
Reference in a new issue