GitHub Workflows security hardening (#3470)
* build: harden docker-publish.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> * build: harden website.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> * build: harden changesets.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> * build: harden static-data.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> Signed-off-by: Alex <aleksandrosansan@gmail.com>
parent
bd440840c8
commit
17984fa31b
|
@ -12,6 +12,9 @@ env:
|
||||||
CI: true
|
CI: true
|
||||||
PNPM_CACHE_FOLDER: .pnpm-store
|
PNPM_CACHE_FOLDER: .pnpm-store
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read # to fetch code (actions/checkout)
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
# Update package versions from changesets.
|
# Update package versions from changesets.
|
||||||
version:
|
version:
|
||||||
|
|
|
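Review bot: The workflow-level block added before `jobs:` grants only `contents: read`, and once any scope is listed every unlisted `GITHUB_TOKEN` scope drops to `none`, so the `version` job needs checking against that. Its steps are outside this hunk; if it pushes a version commit or opens a release pull request with `GITHUB_TOKEN`, as the comment "Update package versions from changesets" suggests it might, it needs a job-level block with `contents: write` and `pull-requests: write`, or it will be refused at run time. The same check applies to the identical blocks added before `docker:` and `prepare:` in the next two sections: pushing an image to GitHub's container registry would need `packages: write`, and a script that commits generated data would need `contents: write`. Jobs that authenticate with a separate secret are not affected.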
@ -15,6 +15,10 @@ on:
|
||||||
- 'master'
|
- 'master'
|
||||||
tags:
|
tags:
|
||||||
- 'v*'
|
- 'v*'
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read # to fetch code (actions/checkout)
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
docker:
|
docker:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
|
@ -10,6 +10,10 @@ on:
|
||||||
# push:
|
# push:
|
||||||
# branches:
|
# branches:
|
||||||
# - master
|
# - master
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read # to fetch code (actions/checkout)
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
prepare:
|
prepare:
|
||||||
name: Run script
|
name: Run script
|
||||||
|
|
|
@ -9,8 +9,16 @@ on:
|
||||||
schedule:
|
schedule:
|
||||||
- cron: '0 0 * * *'
|
- cron: '0 0 * * *'
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read # to fetch code (actions/checkout)
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
|
permissions:
|
||||||
|
contents: read # to fetch code (actions/checkout)
|
||||||
|
deployments: write
|
||||||
|
pull-requests: write # to comment on pull-requests
|
||||||
|
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
env:
|
env:
|
||||||
NODE_OPTIONS: --max_old_space_size=4096
|
NODE_OPTIONS: --max_old_space_size=4096
|
||||||
|
|
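Review bot: The `build` job holds `deployments: write` and `pull-requests: write` for its entire run, so every step in it, including any dependency install and build scripts further down outside this hunk, executes with a token that can write to pull requests and deployments. If the job layout allows it, keep `build` at `contents: read` and move the step that comments or records the deployment into a separate job that consumes the build artifact and carries the two write scopes. Separately, `deployments: write` is the only scope here without a rationale; add one in the style of its neighbours, for example `deployments: write # to record the deployment status`, worded to match what the step really does.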