mirror of
https://github.com/ossrs/srs.git
synced 2025-03-09 15:49:59 +00:00
Scorecard: Delcare default permissions as read only except CodeQL.
This commit is contained in:
parent
d34085615b
commit
badf33c544
4 changed files with 17 additions and 7 deletions
3
.github/workflows/codeql-analysis.yml
vendored
3
.github/workflows/codeql-analysis.yml
vendored
|
@ -3,6 +3,9 @@ name: "CodeQL"
|
||||||
# @see https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#onpushpull_requestbranchestags
|
# @see https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#onpushpull_requestbranchestags
|
||||||
on: [push, pull_request]
|
on: [push, pull_request]
|
||||||
|
|
||||||
|
# See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
|
||||||
|
permissions: write-all
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
analyze:
|
analyze:
|
||||||
name: actions-codeql-analyze
|
name: actions-codeql-analyze
|
||||||
|
|
3
.github/workflows/release.yml
vendored
3
.github/workflows/release.yml
vendored
|
@ -6,6 +6,9 @@ on:
|
||||||
tags:
|
tags:
|
||||||
- v6*
|
- v6*
|
||||||
|
|
||||||
|
# Declare default permissions as read only.
|
||||||
|
permissions: read-all
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
envs:
|
envs:
|
||||||
name: envs
|
name: envs
|
||||||
|
|
15
.github/workflows/scorecard.yml
vendored
15
.github/workflows/scorecard.yml
vendored
|
@ -2,7 +2,8 @@
|
||||||
# by a third-party and are governed by separate terms of service, privacy
|
# by a third-party and are governed by separate terms of service, privacy
|
||||||
# policy, and support documentation.
|
# policy, and support documentation.
|
||||||
|
|
||||||
name: Scorecard supply-chain security
|
name: Scorecard
|
||||||
|
|
||||||
on:
|
on:
|
||||||
# For Branch-Protection check. Only the default branch is supported. See
|
# For Branch-Protection check. Only the default branch is supported. See
|
||||||
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
|
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
|
||||||
|
@ -58,12 +59,12 @@ jobs:
|
||||||
|
|
||||||
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
|
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
|
||||||
# format to the repository Actions tab.
|
# format to the repository Actions tab.
|
||||||
- name: "Upload artifact"
|
#- name: "Upload artifact"
|
||||||
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
|
# uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
|
||||||
with:
|
# with:
|
||||||
name: SARIF file
|
# name: SARIF file
|
||||||
path: results.sarif
|
# path: results.sarif
|
||||||
retention-days: 5
|
# retention-days: 5
|
||||||
|
|
||||||
# Upload the results to GitHub's code scanning dashboard.
|
# Upload the results to GitHub's code scanning dashboard.
|
||||||
- name: "Upload to code-scanning"
|
- name: "Upload to code-scanning"
|
||||||
|
|
3
.github/workflows/test.yml
vendored
3
.github/workflows/test.yml
vendored
|
@ -3,6 +3,9 @@ name: "Test"
|
||||||
# @see https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#onpushpull_requestbranchestags
|
# @see https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#onpushpull_requestbranchestags
|
||||||
on: [push, pull_request]
|
on: [push, pull_request]
|
||||||
|
|
||||||
|
# Declare default permissions as read only.
|
||||||
|
permissions: read-all
|
||||||
|
|
||||||
# The dependency graph:
|
# The dependency graph:
|
||||||
# test(6m)
|
# test(6m)
|
||||||
# multiple-arch-armv7(13m)
|
# multiple-arch-armv7(13m)
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue