Merge pull request #20468 from sashashura/patch-1

GitHub Workflows security hardening
Dean Herbert
2022-09-26 09:48:32 +09:00
committed by GitHub
3 changed files with 10 additions and 0 deletions


@ -4,6 +4,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read # to fetch code (actions/checkout)
jobs:
inspect-code:
name: Code Quality
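Review bot: Granting `contents: read` at workflow level means every job in this file inherits it, whereas the `workflow_run` workflow in this same commit starts from `permissions: {}` and grants scopes per job. For consistency, and so that a job added later starts with no token scopes, consider `permissions: {}` at the top with `permissions:` / `contents: read # to fetch code (actions/checkout)` under each job that checks out code. The same applies to the tag-triggered workflow at `@ -5,6 +5,9 @@`. The job list continues outside the hunk, so which jobs need the grant has to be confirmed against the full file.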


@ -8,8 +8,12 @@ on:
workflows: ["Continuous Integration"]
types:
- completed
permissions: {}
jobs:
annotate:
permissions:
checks: write # to create checks (dorny/test-reporter)
name: Annotate CI run with test results
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion != 'cancelled' }}
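Review bot: A job-level `permissions:` block replaces the workflow-level one rather than adding to it, so with `permissions: {}` above, `annotate` runs with `checks: write` and nothing else. If the steps (outside this hunk) download the test-result artifacts of the triggering run or read repository contents, the job may also need `actions: read` and/or `contents: read`; confirm this against a run triggered from a fork pull request. Because `workflow_run` executes in the base repository's context while consuming output from a run that may have built untrusted code, keeping the grant this narrow is the right direction. As a point of style, `permissions:` would read better placed after `name:` and `runs-on:`.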


@ -5,6 +5,9 @@ on:
tags:
- '*'
permissions:
contents: read # to fetch code (actions/checkout)
jobs:
sentry_release:
runs-on: ubuntu-latest