From ecbd4e0f249d3732caab9563cde90ab6668ae683 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BCrk?= Date: Tue, 1 Oct 2024 05:33:40 +0200 Subject: [PATCH] [TASK] GitHub action workflow permission --- .github/workflows/testcore11.yml | 81 ++++++++++++++++++++++++++++++++ .github/workflows/testcore12.yml | 54 +++++++++++++++++++++ 2 files changed, 135 insertions(+) diff --git a/.github/workflows/testcore11.yml b/.github/workflows/testcore11.yml index a835de1b..5f83c578 100644 --- a/.github/workflows/testcore11.yml +++ b/.github/workflows/testcore11.yml @@ -12,6 +12,33 @@ jobs: fail-fast: false matrix: php-version: [ '7.4'] + permissions: + # actions: read|write|none + actions: none + # checks: read|write|none + checks: none + # contents: read|write|none + contents: read + # deployments: read|write|none + deployments: none + # id-token: read|write|none + id-token: none + # issues: read|write|none + issues: none + # discussions: read|write|none + discussions: none + # packages: read|write|none + packages: read + # pages: read|write|none + pages: none + # pull-requests: read|write|none + pull-requests: none + # repository-projects: read|write|none + repository-projects: read + # security-events: read|write|none + security-events: none + # statuses: read|write|none + statuses: none steps: - name: "Checkout" uses: actions/checkout@v4 @@ -49,6 +76,33 @@ jobs: typoscript: name: "Linting TypoScript and TSConfig files" runs-on: ubuntu-22.04 + permissions: + # actions: read|write|none + actions: none + # checks: read|write|none + checks: none + # contents: read|write|none + contents: read + # deployments: read|write|none + deployments: none + # id-token: read|write|none + id-token: none + # issues: read|write|none + issues: none + # discussions: read|write|none + discussions: none + # packages: read|write|none + packages: read + # pages: read|write|none + pages: none + # pull-requests: read|write|none + pull-requests: none + # repository-projects: read|write|none + repository-projects: read + # security-events: read|write|none + security-events: none + # statuses: read|write|none + statuses: none steps: - name: "Checkout" uses: actions/checkout@v4 @@ -67,6 +121,33 @@ jobs: fail-fast: false matrix: php-version: [ '7.4', '8.0', '8.1', '8.2', '8.3' ] + permissions: + # actions: read|write|none + actions: none + # checks: read|write|none + checks: none + # contents: read|write|none + contents: read + # deployments: read|write|none + deployments: none + # id-token: read|write|none + id-token: none + # issues: read|write|none + issues: none + # discussions: read|write|none + discussions: none + # packages: read|write|none + packages: read + # pages: read|write|none + pages: none + # pull-requests: read|write|none + pull-requests: none + # repository-projects: read|write|none + repository-projects: read + # security-events: read|write|none + security-events: none + # statuses: read|write|none + statuses: none steps: - name: "Checkout" uses: actions/checkout@v4 diff --git a/.github/workflows/testcore12.yml b/.github/workflows/testcore12.yml index a024faba..c4050478 100644 --- a/.github/workflows/testcore12.yml +++ b/.github/workflows/testcore12.yml @@ -12,6 +12,33 @@ jobs: fail-fast: false matrix: php-version: [ '8.1'] + permissions: + # actions: read|write|none + actions: none + # checks: read|write|none + checks: none + # contents: read|write|none + contents: read + # deployments: read|write|none + deployments: none + # id-token: read|write|none + id-token: none + # issues: read|write|none + issues: none + # discussions: read|write|none + discussions: none + # packages: read|write|none + packages: read + # pages: read|write|none + pages: none + # pull-requests: read|write|none + pull-requests: none + # repository-projects: read|write|none + repository-projects: read + # security-events: read|write|none + security-events: none + # statuses: read|write|none + statuses: none steps: - name: "Checkout" uses: actions/checkout@v4 @@ -51,6 +78,33 @@ jobs: fail-fast: false matrix: php-version: [ '8.1', '8.2', '8.3' ] + permissions: + # actions: read|write|none + actions: none + # checks: read|write|none + checks: none + # contents: read|write|none + contents: read + # deployments: read|write|none + deployments: none + # id-token: read|write|none + id-token: none + # issues: read|write|none + issues: none + # discussions: read|write|none + discussions: none + # packages: read|write|none + packages: read + # pages: read|write|none + pages: none + # pull-requests: read|write|none + pull-requests: none + # repository-projects: read|write|none + repository-projects: read + # security-events: read|write|none + security-events: none + # statuses: read|write|none + statuses: none steps: - name: "Checkout" uses: actions/checkout@v4