GHA CI: use least permission level

`actions: write` is required by Chocobo1/setup-ccache-action.
`pull-requests: write` is required by actions/stale.
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
Chocobo1 2023-02-16 16:16:54 +08:00
parent 4170b4e21b
commit d2c4b69f47
7 changed files with 18 additions and 0 deletions


@ -2,6 +2,8 @@ name: CI - File health
on: [pull_request, push] on: [pull_request, push]
permissions: {}
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: ${{ github.head_ref != '' }} cancel-in-progress: ${{ github.head_ref != '' }}
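Review bot: `permissions: {}` drops every token scope, including `contents: read`, and nothing in the file records that this is intentional. Checkout of a public repository should still work without it, but the same workflow in a private fork or mirror would likely fail at the checkout step, and any later step that calls the API with the token gets no access. I would add a comment on the line, e.g. `permissions: {}  # job needs no token scopes; checkout relies on the repo being public`, or grant `contents: read` explicitly. The same applies to the `permissions: {}` lines in the CI - WebUI and Coverity sections; the jobs themselves are outside these hunks.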


@ -2,6 +2,9 @@ name: CI - macOS
on: [pull_request, push] on: [pull_request, push]
permissions:
actions: write
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: ${{ github.head_ref != '' }} cancel-in-progress: ${{ github.head_ref != '' }}
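Review bot: `actions: write` is granted at workflow level, so every job and step in this workflow receives it, not only the step that runs Chocobo1/setup-ccache-action. Since the workflow also triggers on `pull_request` and builds code from the branch, I would move the block under the one job that needs it and keep the reason next to it: `permissions:` followed by `actions: write  # required by Chocobo1/setup-ccache-action`. For pull requests from forks GitHub issues a read-only token by default, so the write scope will not apply there; it is worth confirming the ccache step tolerates that. The CI - Ubuntu and CI - Windows sections carry the same block, and the jobs are outside the hunks.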


@ -2,6 +2,9 @@ name: CI - Ubuntu
on: [pull_request, push] on: [pull_request, push]
permissions:
actions: write
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: ${{ github.head_ref != '' }} cancel-in-progress: ${{ github.head_ref != '' }}


@ -2,6 +2,8 @@ name: CI - WebUI
on: [pull_request, push] on: [pull_request, push]
permissions: {}
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: ${{ github.head_ref != '' }} cancel-in-progress: ${{ github.head_ref != '' }}


@ -2,6 +2,9 @@ name: CI - Windows
on: [pull_request, push] on: [pull_request, push]
permissions:
actions: write
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: ${{ github.head_ref != '' }} cancel-in-progress: ${{ github.head_ref != '' }}


@ -5,6 +5,8 @@ on:
- cron: '0 0 1 * *' # Monthly (1st day of month at midnight) - cron: '0 0 1 * *' # Monthly (1st day of month at midnight)
workflow_dispatch: # Mainly for testing. Don't forget the Coverity usage limits. workflow_dispatch: # Mainly for testing. Don't forget the Coverity usage limits.
permissions: {}
jobs: jobs:
coverity_scan: coverity_scan:
name: Scan name: Scan


@ -4,6 +4,9 @@ on:
schedule: schedule:
- cron: '0 0 * * *' - cron: '0 0 * * *'
permissions:
pull-requests: write
jobs: jobs:
stale: stale:
runs-on: ubuntu-latest runs-on: ubuntu-latest
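Review bot: Only `pull-requests: write` is granted here, so if the actions/stale step also processes issues it would need `issues: write` as well. The step's inputs are outside this hunk, so I cannot tell whether issue handling is disabled. Because an explicit `permissions` block sets every unlisted scope to none, a missing scope would probably show up as a failed or skipped API call in the scheduled run, which is easy to miss. A comment such as `pull-requests: write  # required by actions/stale to label/close PRs` would keep the reason with the setting.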