mirror of
https://github.com/bitwarden/browser
synced 2025-12-12 22:33:35 +00:00
[BRE-848] Adding Workflow Permissions (#15250)
This commit is contained in:
Andy Pixley
GitHub
2
.github/workflows/auto-branch-updater.yml
vendored
2
.github/workflows/auto-branch-updater.yml
vendored
@@ -22,6 +22,8 @@ jobs:
|
|||||||
env:
|
env:
|
||||||
_BOT_EMAIL: 106330231+bitwarden-devops-bot@users.noreply.github.com
|
_BOT_EMAIL: 106330231+bitwarden-devops-bot@users.noreply.github.com
|
||||||
_BOT_NAME: bitwarden-devops-bot
|
_BOT_NAME: bitwarden-devops-bot
|
||||||
|
permissions:
|
||||||
|
contents: write
|
||||||
steps:
|
steps:
|
||||||
- name: Setup
|
- name: Setup
|
||||||
id: setup
|
id: setup
|
||||||
|
|||||||
3
.github/workflows/auto-reply-discussions.yml
vendored
3
.github/workflows/auto-reply-discussions.yml
vendored
@@ -8,6 +8,9 @@ jobs:
|
|||||||
reply:
|
reply:
|
||||||
name: Auto-reply
|
name: Auto-reply
|
||||||
runs-on: ubuntu-22.04
|
runs-on: ubuntu-22.04
|
||||||
|
permissions:
|
||||||
|
discussions: write
|
||||||
|
contents: read
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Get discussion label and template name
|
- name: Get discussion label and template name
|
||||||
|
|||||||
3
.github/workflows/enforce-labels.yml
vendored
3
.github/workflows/enforce-labels.yml
vendored
@@ -4,6 +4,9 @@ on:
|
|||||||
workflow_call:
|
workflow_call:
|
||||||
pull_request:
|
pull_request:
|
||||||
types: [labeled, unlabeled, opened, edited, synchronize]
|
types: [labeled, unlabeled, opened, edited, synchronize]
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
pull-requests: read
|
||||||
jobs:
|
jobs:
|
||||||
enforce-label:
|
enforce-label:
|
||||||
name: EnforceLabel
|
name: EnforceLabel
|
||||||
|
|||||||
3
.github/workflows/lint.yml
vendored
3
.github/workflows/lint.yml
vendored
@@ -22,6 +22,9 @@ defaults:
|
|||||||
run:
|
run:
|
||||||
shell: bash
|
shell: bash
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
lint:
|
lint:
|
||||||
name: Lint
|
name: Lint
|
||||||
|
|||||||
3
.github/workflows/locales-lint.yml
vendored
3
.github/workflows/locales-lint.yml
vendored
@@ -8,6 +8,9 @@ on:
|
|||||||
paths:
|
paths:
|
||||||
- '**/messages.json'
|
- '**/messages.json'
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
lint:
|
lint:
|
||||||
name: Lint
|
name: Lint
|
||||||
|
|||||||
6
.github/workflows/release-browser.yml
vendored
6
.github/workflows/release-browser.yml
vendored
@@ -22,6 +22,8 @@ jobs:
|
|||||||
setup:
|
setup:
|
||||||
name: Setup
|
name: Setup
|
||||||
runs-on: ubuntu-22.04
|
runs-on: ubuntu-22.04
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
outputs:
|
outputs:
|
||||||
release_version: ${{ steps.version.outputs.version }}
|
release_version: ${{ steps.version.outputs.version }}
|
||||||
steps:
|
steps:
|
||||||
@@ -53,6 +55,8 @@ jobs:
|
|||||||
name: Locales Test
|
name: Locales Test
|
||||||
runs-on: ubuntu-22.04
|
runs-on: ubuntu-22.04
|
||||||
needs: setup
|
needs: setup
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repo
|
- name: Checkout repo
|
||||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||||
@@ -89,6 +93,8 @@ jobs:
|
|||||||
needs:
|
needs:
|
||||||
- setup
|
- setup
|
||||||
- locales-test
|
- locales-test
|
||||||
|
permissions:
|
||||||
|
contents: write
|
||||||
steps:
|
steps:
|
||||||
- name: Download latest Release build artifacts
|
- name: Download latest Release build artifacts
|
||||||
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
|
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
|
||||||
|
|||||||
4
.github/workflows/release-web.yml
vendored
4
.github/workflows/release-web.yml
vendored
@@ -18,6 +18,8 @@ jobs:
|
|||||||
setup:
|
setup:
|
||||||
name: Setup
|
name: Setup
|
||||||
runs-on: ubuntu-22.04
|
runs-on: ubuntu-22.04
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
outputs:
|
outputs:
|
||||||
release_version: ${{ steps.version.outputs.version }}
|
release_version: ${{ steps.version.outputs.version }}
|
||||||
tag_version: ${{ steps.version.outputs.tag }}
|
tag_version: ${{ steps.version.outputs.tag }}
|
||||||
@@ -50,6 +52,8 @@ jobs:
|
|||||||
runs-on: ubuntu-22.04
|
runs-on: ubuntu-22.04
|
||||||
needs:
|
needs:
|
||||||
- setup
|
- setup
|
||||||
|
permissions:
|
||||||
|
contents: write
|
||||||
steps:
|
steps:
|
||||||
- name: Download latest build artifacts
|
- name: Download latest build artifacts
|
||||||
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
|
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
|
||||||
|
|||||||
5
.github/workflows/stale-bot.yml
vendored
5
.github/workflows/stale-bot.yml
vendored
@@ -8,6 +8,11 @@ jobs:
|
|||||||
stale:
|
stale:
|
||||||
name: 'Check for stale issues and PRs'
|
name: 'Check for stale issues and PRs'
|
||||||
runs-on: ubuntu-22.04
|
runs-on: ubuntu-22.04
|
||||||
|
permissions:
|
||||||
|
actions: write
|
||||||
|
contents: read
|
||||||
|
issues: write
|
||||||
|
pull-requests: write
|
||||||
steps:
|
steps:
|
||||||
- name: 'Run stale action'
|
- name: 'Run stale action'
|
||||||
uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
|
uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
|
||||||
|
|||||||
Reference in New Issue
Block a user