Merge pull request #3927 from github/aeisenberg/add-permissions-actions

Add permissions block and actions analysis
Andrew Eisenberg
2025-02-14 09:44:33 -08:00
committed by GitHub
6 changed files with 26 additions and 1 deletions


@@ -17,6 +17,8 @@ jobs:
find-nightly: find-nightly:
name: Find Nightly Release name: Find Nightly Release
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: read
outputs: outputs:
url: ${{ steps.get-url.outputs.nightly-url }} url: ${{ steps.get-url.outputs.nightly-url }}
steps: steps:
@@ -33,6 +35,8 @@ jobs:
set-matrix: set-matrix:
name: Set Matrix for cli-test name: Set Matrix for cli-test
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: read
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
@@ -47,6 +51,8 @@ jobs:
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
needs: [find-nightly, set-matrix] needs: [find-nightly, set-matrix]
timeout-minutes: 30 timeout-minutes: 30
permissions:
contents: read
strategy: strategy:
matrix: matrix:
os: [ubuntu-latest, windows-latest] os: [ubuntu-latest, windows-latest]
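Review bot: The `permissions:` blocks in this workflow are set per job (`find-nightly`, `set-matrix` and the matrix job in the third hunk) rather than once at workflow level, so a job added to this file later falls back to the repository's default token permissions. Three other workflows in this commit declare a single top-level `permissions:` with `contents: read`; doing the same here, and keeping job-level blocks only where a job needs something different, makes the read-only default hold for the whole file. The same applies to the per-job blocks added to the release workflow (the `build` job and the `publish-open-vsx` job), where jobs not shown in the hunks may still run with the default. The jobs' steps lie outside the hunks, so whether `find-nightly` needs any repository scope at all cannot be confirmed from here.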


@@ -11,6 +11,12 @@ on:
jobs: jobs:
codeql: codeql:
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy:
matrix:
language:
- javascript
- actions
fail-fast: false
permissions: permissions:
contents: read contents: read
@@ -24,7 +30,7 @@ jobs:
- name: Initialize CodeQL - name: Initialize CodeQL
uses: github/codeql-action/init@main uses: github/codeql-action/init@main
with: with:
languages: javascript languages: ${{ matrix.language }}
config-file: ./.github/codeql/codeql-config.yml config-file: ./.github/codeql/codeql-config.yml
tools: latest tools: latest
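Review bot: Both matrix legs now pass the same `config-file: ./.github/codeql/codeql-config.yml` to `init`, so whatever path filters or query selections that file holds also apply to the new `actions` leg. The config is not shown on this page; if it carries `paths` or `paths-ignore` entries written for the JavaScript sources, confirm that they do not exclude the workflow files the `actions` analysis is meant to cover. A short comment above the matrix would also help the next reader, for example `# actions: scans the workflow files in this repository`. The job body continues outside both hunks.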


@@ -5,6 +5,9 @@ on:
pull_request: pull_request:
branches: [main] branches: [main]
permissions:
contents: read
jobs: jobs:
e2e-test: e2e-test:
name: E2E Test name: E2E Test


@@ -3,6 +3,9 @@ on:
issues: issues:
types: [opened] types: [opened]
permissions:
issues: write
jobs: jobs:
label: label:
name: Label issue name: Label issue
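Review bot: `issues: write` is the only write scope this commit grants, and it is declared at workflow level on a trigger that anyone able to open an issue can fire. Scoping it to the `label` job and saying why it is needed keeps the grant visible and stops jobs added later from inheriting it: a workflow-level `permissions: {}` plus, under `label:`, `permissions:` with `issues: write  # add labels to newly opened issues`. The job's steps are outside the hunk, so it cannot be confirmed from here that labelling is the only API call they make.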


@@ -7,6 +7,9 @@ on:
branches: branches:
- main - main
permissions:
contents: read
jobs: jobs:
build: build:
name: Build name: Build


@@ -16,6 +16,8 @@ jobs:
build: build:
name: Release name: Release
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: read
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
@@ -156,6 +158,8 @@ jobs:
needs: build needs: build
environment: publish-open-vsx environment: publish-open-vsx
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: read
env: env:
OPEN_VSX_TOKEN: ${{ secrets.OPEN_VSX_TOKEN }} OPEN_VSX_TOKEN: ${{ secrets.OPEN_VSX_TOKEN }}
steps: steps:
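Review bot: The `build` job is named `Release` and now runs with `contents: read` only (first hunk), but its steps lie outside the hunk, so it is not visible whether any of them creates a release, pushes a tag or uploads a release asset with the default `GITHUB_TOKEN`. If one does, that call will be rejected under this scope, and in a workflow that presumably runs only at release time the failure would surface late. It is worth checking the steps and recording the result on the block, for example `contents: read  # no step writes to the repository with GITHUB_TOKEN`. The `publish-open-vsx` job in the second hunk receives `OPEN_VSX_TOKEN` and read-only repository access looks appropriate there.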