Merge pull request #48103 from ruthra-kumar/restrictive_github_actions

ci: restrictive permission for GH actions
ruthra kumar
2025-06-17 16:08:50 +05:30
committed by GitHub
12 changed files with 40 additions and 0 deletions


@@ -5,6 +5,9 @@ on:
- closed
- labeled
permissions:
contents: read
jobs:
main:
runs-on: ubuntu-latest


@@ -2,6 +2,10 @@ name: Trigger Docker build on release
on:
release:
types: [released]
permissions:
contents: read
jobs:
curl:
runs-on: ubuntu-latest
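Review bot: The `contents: read` grant added above `jobs:` may be broader than the `curl` job needs. Its steps are outside this hunk, but if the job only calls an external build endpoint with its own secret and never reads the repository, the GITHUB_TOKEN can be left with no scopes at all using `permissions: {}`. If a step does read the repository, `contents: read` is right as written.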


@@ -3,6 +3,9 @@ on:
pull_request:
types: [ opened, synchronize, reopened, edited ]
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest


@@ -2,6 +2,10 @@
# To add/remove versions just modify the matrix.
name: Create weekly release pull requests
permissions:
contents: read
on:
schedule:
# 9:30 UTC => 3 PM IST Tuesday
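Review bot: `contents: read` on a workflow named "Create weekly release pull requests" only works if the step that opens the pull requests authenticates with a separate token; the job steps are outside this hunk, so this should be confirmed before the next scheduled run. If that step uses the default GITHUB_TOKEN, it will be refused once the token is read-only, and the block would need `pull-requests: write` (plus `contents: write` if it pushes a branch or tag). The same check applies to the `release` job in the hunk for the `version-13` push workflow, which also gets `contents: read`. The `permissions:` block limits only GITHUB_TOKEN, so a separate release token keeps whatever scopes it was issued with and should be reviewed on its own. If a dedicated token is in use, a comment such as `# release steps use a dedicated token; GITHUB_TOKEN stays read-only` above the block would record the intent.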


@@ -3,6 +3,10 @@ on:
pull_request_target:
types: [opened, reopened]
permissions:
issues: write
pull-requests: write
jobs:
triage:
runs-on: ubuntu-latest
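Review bot: The workflow-level `issues: write` and `pull-requests: write` grants apply to every job under `pull_request_target`, which runs with the base repository's token even for pull requests from forks. The `triage` job's steps are outside this hunk, so it should be checked that the job never checks out or executes code from the pull request head. Moving the block under `triage:` would keep the write scopes from being inherited by any job added to this file later. Scopes not listed become `none`, so `contents` is no longer granted here; if the triage step reads a configuration file from the repository, it may need `contents: read` added alongside the two write scopes.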


@@ -3,6 +3,9 @@ name: Linters
on:
pull_request: { }
permissions:
contents: read
jobs:
linters:


@@ -10,6 +10,9 @@ on:
- '**.csv'
workflow_dispatch:
permissions:
contents: read
concurrency:
group: patch-develop-${{ github.event_name }}-${{ github.event.number || github.event_name == 'workflow_dispatch' && github.run_id || '' }}
cancel-in-progress: true


@@ -3,6 +3,10 @@ on:
push:
branches:
- version-13
permissions:
contents: read
jobs:
release:
name: Release


@@ -7,6 +7,9 @@ concurrency:
group: server-individual-tests-develop-${{ github.event_name }}-${{ github.event.number || github.event_name == 'workflow_dispatch' && github.run_id || '' }}
cancel-in-progress: false
permissions:
contents: read
jobs:
discover:
runs-on: ubuntu-latest


@@ -10,6 +10,9 @@ on:
- "**.md"
- "**.html"
permissions:
contents: read
jobs:
test:
runs-on: ubuntu-latest


@@ -25,6 +25,9 @@ on:
required: false
type: string
permissions:
contents: read
concurrency:
group: server-mariadb-develop-${{ github.event_name }}-${{ github.event.number || github.event_name == 'workflow_dispatch' && github.run_id || '' }}
cancel-in-progress: true


@@ -12,6 +12,9 @@ concurrency:
group: server-postgres-develop-${{ github.event_name }}-${{ github.event.number || github.event_name == 'workflow_dispatch' && github.run_id || '' }}
cancel-in-progress: true
permissions:
contents: read
jobs:
test:
if: ${{ contains(github.event.pull_request.labels.*.name, 'postgres') }}