This is an automated email from the ASF dual-hosted git repository.
engelen pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/pekko.git
The following commit(s) were added to refs/heads/main by this push:
new 89195935b0 chore: restrict GitHub actions permissions (#1371)
89195935b0 is described below
commit 89195935b0d7027f788c1032bfac2ad553206df2
Author: Arnout Engelen <[email protected]>
AuthorDate: Mon Jun 17 23:29:23 2024 +0200
chore: restrict GitHub actions permissions (#1371)
Be more selective in granting permissions to actions
---
.github/workflows/dependency-graph.yml | 7 +++++++
.github/workflows/scala-steward.yml | 4 ++++
2 files changed, 11 insertions(+)
diff --git a/.github/workflows/dependency-graph.yml
b/.github/workflows/dependency-graph.yml
index e96c3efbc8..c2c08140a4 100644
--- a/.github/workflows/dependency-graph.yml
+++ b/.github/workflows/dependency-graph.yml
@@ -3,6 +3,9 @@ on:
push:
branches:
- main # default branch of the project
+
+permissions: {}
+
jobs:
dependency-graph:
name: Update Dependency Graph
@@ -10,3 +13,7 @@ jobs:
steps:
- uses: actions/checkout@v4
- uses: scalacenter/sbt-dependency-submission@v2
+ permissions:
+ # The API requires write permission on the repository
+ # to submit dependencies
+ contents: write
diff --git a/.github/workflows/scala-steward.yml
b/.github/workflows/scala-steward.yml
index 08a13210fe..64ee65f7a8 100644
--- a/.github/workflows/scala-steward.yml
+++ b/.github/workflows/scala-steward.yml
@@ -5,6 +5,10 @@ on:
name: Launch Scala Steward
+# The GitHub Action doesn't need permissions: it only reads already-public
+# data and creates PRs through the scala-steward-asf bot:
+permissions: {}
+
jobs:
scala-steward:
runs-on: ubuntu-22.04
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
