ci: add default permissions for workflows

This commit is contained in:
Daniel Roe 2024-09-11 10:11:30 +01:00
parent f88d3a4e25
commit 5bec3efcb1
No known key found for this signature in database
GPG Key ID: 3714AB03996F442B
5 changed files with 14 additions and 5 deletions

View File

@ -6,6 +6,8 @@ on:
types: types:
- closed - closed
permissions: {}
jobs: jobs:
cleanup: cleanup:
runs-on: ubuntu-latest runs-on: ubuntu-latest

View File

@ -6,9 +6,7 @@ on:
- main - main
- 3.x - 3.x
permissions: permissions: {}
pull-requests: write
contents: write
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.event.number || github.sha }} group: ${{ github.workflow }}-${{ github.event.number || github.sha }}
@ -19,6 +17,10 @@ jobs:
if: github.repository_owner == 'nuxt' && !contains(github.event.head_commit.message, 'v3.') && !contains(github.event.head_commit.message, 'v4.') if: github.repository_owner == 'nuxt' && !contains(github.event.head_commit.message, 'v3.') && !contains(github.event.head_commit.message, 'v4.')
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
pull-requests: write
contents: write
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with: with:

View File

@ -8,6 +8,8 @@ on:
- main - main
- 3.x - 3.x
permissions: {}
jobs: jobs:
add-pr-labels: add-pr-labels:
name: Add PR labels name: Add PR labels

View File

@ -4,6 +4,9 @@ on:
types: [closed] types: [closed]
paths: paths:
- "packages/nuxt/src/app/composables/**" - "packages/nuxt/src/app/composables/**"
permissions: {}
jobs: jobs:
notify: notify:
if: github.event.pull_request.merged == true if: github.event.pull_request.merged == true

View File

@ -7,12 +7,12 @@ on:
- edited - edited
- synchronize - synchronize
permissions: permissions: {}
contents: read
jobs: jobs:
semantic-pr: semantic-pr:
permissions: permissions:
contents: read
pull-requests: read # for amannn/action-semantic-pull-request to analyze PRs pull-requests: read # for amannn/action-semantic-pull-request to analyze PRs
statuses: write # for amannn/action-semantic-pull-request to mark status of analyzed PR statuses: write # for amannn/action-semantic-pull-request to mark status of analyzed PR
if: github.repository == 'nuxt/nuxt' && !startsWith(github.head_ref, 'v') if: github.repository == 'nuxt/nuxt' && !startsWith(github.head_ref, 'v')