From d3a781f43613ac6cb05e548ed3c3ed05e0a12737 Mon Sep 17 00:00:00 2001 From: Vincent Boutour Date: Sun, 2 Jul 2023 11:57:47 +0200 Subject: [PATCH] ci(github): Define explicit permission Signed-off-by: Vincent Boutour --- .github/workflows/branch_clean.yaml | 12 +++++++++++- .github/workflows/build.yaml | 18 ++++++++++++++---- .github/workflows/herodote.yaml | 14 ++++++++++++-- .prettierrc | 4 ---- 4 files changed, 37 insertions(+), 11 deletions(-) delete mode 100644 .prettierrc diff --git a/.github/workflows/branch_clean.yaml b/.github/workflows/branch_clean.yaml index 8c69267a..15ee5756 100644 --- a/.github/workflows/branch_clean.yaml +++ b/.github/workflows/branch_clean.yaml @@ -1,7 +1,17 @@ --- name: Git -permissions: {} +permissions: + actions: none + checks: none + contents: read + deployments: none + issues: none + packages: none + pages: none + pull-requests: none + repository-projects: none + security-events: none on: - pull_request diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 389fb776..3d49fb99 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -1,7 +1,17 @@ --- name: Build -permissions: {} +permissions: + actions: none + checks: none + contents: read + deployments: none + issues: none + packages: none + pages: none + pull-requests: none + repository-projects: none + security-events: none on: push: @@ -12,7 +22,7 @@ on: - main env: - SCRIPTS_NO_INTERACTIVE: 'true' + SCRIPTS_NO_INTERACTIVE: "true" defaults: run: @@ -28,7 +38,7 @@ jobs: - name: Setup Golang uses: actions/setup-go@v4 with: - go-version: '^1.20' + go-version: "^1.20" - name: Build run: | @@ -61,7 +71,7 @@ jobs: - name: Setup Golang uses: actions/setup-go@v4 with: - go-version: '^1.20' + go-version: "^1.20" - name: Build env: GO_ARCHS: linux/amd64 linux/arm linux/arm64 darwin/amd64 darwin/arm64 diff --git a/.github/workflows/herodote.yaml b/.github/workflows/herodote.yaml index ff7a9f2b..aad1a596 100644 --- a/.github/workflows/herodote.yaml +++ b/.github/workflows/herodote.yaml @@ -1,7 +1,17 @@ --- name: Herodote -permissions: {} +permissions: + actions: none + checks: none + contents: read + deployments: none + issues: none + packages: none + pages: none + pull-requests: none + repository-projects: none + security-events: none on: push: @@ -26,4 +36,4 @@ jobs: HERODOTE_SECRET: ${{ secrets.HERODOTE_SECRET }} GIT_HOST: github.com GIT_REPOSITORY: ${{ github.repository }} - SCRIPTS_NO_INTERACTIVE: '1' + SCRIPTS_NO_INTERACTIVE: "1" diff --git a/.prettierrc b/.prettierrc deleted file mode 100644 index a20502b7..00000000 --- a/.prettierrc +++ /dev/null @@ -1,4 +0,0 @@ -{ - "singleQuote": true, - "trailingComma": "all" -}