nathannaveen
|
04c289c2b8
|
chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
|
2022-06-02 00:58:10 +00:00 |
|
MattIPv4
|
e7bf1a6a20
|
Use fixed ref for PR
|
2022-04-07 15:19:00 +01:00 |
|
MattIPv4
|
10fcf2ba44
|
Only run on PRs and pushes to master
|
2022-03-26 21:09:23 +00:00 |
|
MattIPv4
|
921184a8f6
|
Add name to workflow
|
2022-03-26 20:58:25 +00:00 |
|
MattIPv4
|
7c43228dee
|
Use GitHub actions to run validate from cleanup repo
|
2022-03-26 20:57:05 +00:00 |
|
MattIPv4
|
024a7d9d1c
|
Fix repo dotfiles
|
2021-03-23 12:05:40 +00:00 |
|
Ethan Jinks O'Sullivan
|
9ff390b3e7
|
Add medium.js.org
|
2021-01-22 08:58:20 -05:00 |
|
shiftgeist
|
95163df37e
|
enable the repo sponsor button
|
2020-09-11 10:05:38 +02:00 |
|