mirror of
https://github.com/TeamNewPipe/NewPipe
synced 2024-11-29 05:21:20 +01:00
Use minimum required permissions for GitHub workflows
This reduces the attack surface if the workflows are ever compromised.
This commit is contained in:
parent
45d2492bcb
commit
a1f1acfbf9
12
.github/workflows/ci.yml
vendored
12
.github/workflows/ci.yml
vendored
@ -31,6 +31,10 @@ on:
|
||||
jobs:
|
||||
build-and-test-jvm:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: gradle/wrapper-validation-action@v1
|
||||
@ -64,6 +68,10 @@ jobs:
|
||||
matrix:
|
||||
# api-level 19 is min sdk, but throws errors related to desugaring
|
||||
api-level: [ 21, 29 ]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
@ -91,6 +99,10 @@ jobs:
|
||||
|
||||
sonar:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
|
4
.github/workflows/image-minimizer.yml
vendored
4
.github/workflows/image-minimizer.yml
vendored
@ -6,6 +6,10 @@ on:
|
||||
issues:
|
||||
types: [opened, edited]
|
||||
|
||||
permissions:
|
||||
issues: write
|
||||
pull-requests: write
|
||||
|
||||
jobs:
|
||||
try-minimize:
|
||||
runs-on: ubuntu-latest
|
||||
|
4
.github/workflows/no-response.yml
vendored
4
.github/workflows/no-response.yml
vendored
@ -9,6 +9,10 @@ on:
|
||||
# Run daily at midnight.
|
||||
- cron: '0 0 * * *'
|
||||
|
||||
permissions:
|
||||
issues: write
|
||||
pull-requests: write
|
||||
|
||||
jobs:
|
||||
noResponse:
|
||||
runs-on: ubuntu-latest
|
||||
|
Loading…
Reference in New Issue
Block a user