Merge pull request #8 from creative-commoners/pulls/1/workflow-permis…
…sions

ENH Add workflow permissions
GuySartorelli authored Apr 17, 2024
2 parents 33e9bc4 + d0a1ab9 commit e871fd8
Showing 4 changed files with 22 additions and 0 deletions.
8 changes: 8 additions & 0 deletions .github/workflows/action-ci.yml
@@ -3,6 +3,8 @@ name: Action CI
on:
workflow_call:

permissions: {}

jobs:

ci:
@@ -72,6 +74,8 @@ jobs:
outputs:
do_release: ${{ steps.gauge-release.outputs.do_release }}
next_tag: ${{ steps.gauge-release.outputs.next_tag }}
permissions:
contents: read
steps:
- name: Gauge release
id: gauge-release
@@ -84,6 +88,8 @@ jobs:
runs-on: ubuntu-latest
needs: gaugerelease
if: ${{ needs.gaugerelease.outputs.do_release == '1' }}
permissions:
contents: write
steps:
- name: Patch release
uses: silverstripe/gha-tag-release@v1
@@ -104,6 +110,8 @@ jobs:
env:
GITHUB_REPOSITORY: ${{ github.repository }}
BRANCH: ${{ needs.ci.outputs.branch }}
permissions:
actions: write
steps:
- name: Dispatch auto tag
run: |
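Review bot: The `contents: write` on the patch-release job and `actions: write` on the dispatch job are upper bounds that depend on the caller, because this file is a `workflow_call` reusable workflow and a called workflow can narrow the caller's `GITHUB_TOKEN` permissions but never widen them. A caller that sets a restrictive `permissions:` of its own will not get these scopes here (as far as I know GitHub rejects such a run at validation), so the requirement belongs in the file. I would put a comment above the top-level block, e.g. `# Callers must grant contents: write and actions: write; each job below narrows the token to what it needs.` The `ci` job's body lies outside the visible hunks; with `permissions: {}` at workflow level it gets no token scopes unless it declares its own, which is worth confirming is intended.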
5 changes: 5 additions & 0 deletions .github/workflows/auto-tag.yml
@@ -4,10 +4,15 @@ on:
tags:
- '*.*.*'
workflow_dispatch:

permissions: {}

jobs:
auto-tag:
name: Auto-tag
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Auto-tag
uses: silverstripe/gha-auto-tag@v1
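Review bot: The job now holds `contents: write`, but the step at the end of this hunk still resolves `silverstripe/gha-auto-tag@v1` through a mutable tag, so whatever that tag points to at run time executes with a token that can write to the repository. Pinning to a full commit SHA keeps the new least-privilege block meaningful: `uses: silverstripe/gha-auto-tag@<full-commit-sha>  # v1` (the SHA is a placeholder, to be taken from the action's own release). The same applies to `gha-tag-release@v1` in action-ci.yml, `gha-keepalive@v1` in keepalive.yml and `gha-merge-up@v1` in merge-up.yml, each of which runs in a job that this commit grants a write scope.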
4 changes: 4 additions & 0 deletions .github/workflows/keepalive.yml
@@ -6,12 +6,16 @@ on:
- cron: '30 6 3 * *'
workflow_dispatch:

permissions: {}

jobs:
keepalive:
name: Keepalive
# Only run cron on the silverstripe account
if: (github.event_name == 'schedule' && github.repository_owner == 'silverstripe') || (github.event_name != 'schedule')
runs-on: ubuntu-latest
permissions:
actions: write
steps:
- name: Keepalive
uses: silverstripe/gha-keepalive@v1
5 changes: 5 additions & 0 deletions .github/workflows/merge-up.yml
@@ -6,12 +6,17 @@ on:
- cron: '30 6 * * 2'
workflow_dispatch:

permissions: {}

jobs:
merge-up:
name: Merge-up
# Only run cron on the silverstripe account
if: (github.event_name == 'schedule' && github.repository_owner == 'silverstripe') || (github.event_name != 'schedule')
runs-on: ubuntu-latest
permissions:
contents: write
actions: write
steps:
- name: Merge-up
uses: silverstripe/gha-merge-up@v1
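Review bot: The `actions: write` scope granted to the merge-up job next to `contents: write` has no stated reason, and nothing in the visible lines shows which operation of `silverstripe/gha-merge-up` needs it. A short comment per scope would let a later audit check least privilege without reading the action's source, for example `# contents: write - <what the action pushes>` and `# actions: write - <which Actions API call needs it>`, with the placeholders filled in by someone who knows the action. The `actions: write` added in keepalive.yml would benefit from the same kind of comment. If a scope turns out not to be required, dropping it is the safer default.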
