1
0
mirror of https://github.com/coder/code-server.git synced 2024-12-04 23:03:06 +08:00
code-server/.github/workflows
neilnaveen f4569f0b48
Set permissions for GitHub actions (#5090)
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>

Co-authored-by: Joe Previte <jjprevite@gmail.com>
2022-04-12 18:59:11 +00:00
..
ci.yaml Set permissions for GitHub actions (#5090) 2022-04-12 18:59:11 +00:00
codeql-analysis.yml Set permissions for GitHub actions (#5090) 2022-04-12 18:59:11 +00:00
docker.yaml fix: use -r with jq and add workflow for artifacts (#5016) 2022-03-22 16:45:59 -07:00
docs-preview.yaml chore(ci): disable docs-preview on forks (#5046) 2022-03-30 13:45:35 -07:00
installer.yml Set permissions for GitHub actions (#5090) 2022-04-12 18:59:11 +00:00
npm-brew.yaml refactor(brew-bump): fix homebrew bump script (#5025) 2022-03-29 16:58:34 -07:00
scripts.yml chore(deps): update actions/checkout action to v3 (#4931) 2022-03-01 16:31:32 -07:00
trivy-docker.yaml chore: add permissions trivy-docker (#4957) 2022-03-08 13:19:57 -07:00