summaryrefslogtreecommitdiffhomepage
path: root/.github
diff options
context:
space:
mode:
authorLinus Färnstrand <linus@mullvad.net>2024-08-29 14:27:54 +0200
committerLinus Färnstrand <linus@mullvad.net>2024-08-29 14:27:54 +0200
commitf1d9dd3bf9dab8bd9e08daac7f36980b3c332dfb (patch)
tree8cf0f1e9821ff55a5342063e1f28b73820964a17 /.github
parenta77e48d75207d70272f8f38224682571dce02aac (diff)
parentc2d8128c31c77a504d3c68eb45850f8323489d66 (diff)
downloadmullvadvpn-f1d9dd3bf9dab8bd9e08daac7f36980b3c332dfb.tar.xz
mullvadvpn-f1d9dd3bf9dab8bd9e08daac7f36980b3c332dfb.zip
Merge branch 'fix-ci-permissions'
Diffstat (limited to '.github')
-rw-r--r--.github/workflows/ios-rust-ffi.yml3
-rw-r--r--.github/workflows/osv-scanner-pr.yml14
-rw-r--r--.github/workflows/osv-scanner-scheduled.yml14
3 files changed, 19 insertions, 12 deletions
diff --git a/.github/workflows/ios-rust-ffi.yml b/.github/workflows/ios-rust-ffi.yml
index d847e688ff..04f9a78d32 100644
--- a/.github/workflows/ios-rust-ffi.yml
+++ b/.github/workflows/ios-rust-ffi.yml
@@ -7,6 +7,9 @@ on:
- clippy.toml
- '**/*.rs'
workflow_dispatch:
+
+permissions: {}
+
jobs:
build-ios:
runs-on: macos-latest
diff --git a/.github/workflows/osv-scanner-pr.yml b/.github/workflows/osv-scanner-pr.yml
index 8280222c8d..f4e2d09d0c 100644
--- a/.github/workflows/osv-scanner-pr.yml
+++ b/.github/workflows/osv-scanner-pr.yml
@@ -5,14 +5,16 @@ on:
pull_request:
workflow_dispatch:
-permissions:
- # Require writing security events to upload SARIF file to security tab
- security-events: write
- # Only need to read contents
- contents: read
- actions: read
+permissions: {}
jobs:
scan-pr:
+ permissions:
+ # Require writing security events to upload SARIF file to security tab
+ security-events: write
+ # Only need to read contents
+ contents: read
+ actions: read
+
# yamllint disable rule:line-length
uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@dfa8609a7da62968d73f63f279418e504c1f523f" # v1.8.1
diff --git a/.github/workflows/osv-scanner-scheduled.yml b/.github/workflows/osv-scanner-scheduled.yml
index 017af19e7e..7df091337a 100644
--- a/.github/workflows/osv-scanner-scheduled.yml
+++ b/.github/workflows/osv-scanner-scheduled.yml
@@ -8,14 +8,16 @@ on:
branches: [main]
workflow_dispatch:
-permissions:
- # Require writing security events to upload SARIF file to security tab
- security-events: write
- # Only need to read contents
- contents: read
- actions: read
+permissions: {}
jobs:
scan-scheduled:
+ permissions:
+ # Require writing security events to upload SARIF file to security tab
+ security-events: write
+ # Only need to read contents
+ contents: read
+ actions: read
+
# yamllint disable rule:line-length
uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@dfa8609a7da62968d73f63f279418e504c1f523f" # v1.8.1