
Commit 9c43c1d

authored
ci: update permissions to be explicit (#42)
- ci: only test active node version on mac/win (1 test vs 3)
1 parent 55f22b4 commit 9c43c1d

4 files changed

Lines changed: 23 additions & 5 deletions


.github/FUNDING.yml

Lines changed: 0 additions & 3 deletions
This file was deleted.

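--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,9 +11,13 @@ env:
 
 jobs:
 lint:
+permissions:
+contents: read
 uses: NicTool/.github/.github/workflows/lint.yml@main
 
 coverage:
+permissions:
+contents: read
 runs-on: ubuntu-latest
 steps:
 - name: Start MySQL
@@ -37,6 +41,8 @@ jobs:
 github-token: ${{ secrets.github_token }}
 
 get-lts:
+permissions:
+contents: read
 runs-on: ubuntu-latest
 steps:
 - id: get
@@ -49,6 +55,8 @@ jobs:
 min: ${{ steps.get.outputs.min }}
 
 test:
+permissions:
+contents: read
 needs: [ get-lts ]
 runs-on: ${{ matrix.os }}
 strategy:
@@ -67,11 +75,13 @@ jobs:
 - run: npm test
 
 test-mac:
+permissions:
+contents: read
 needs: [ get-lts ]
 runs-on: macos-latest
 strategy:
 matrix:
-node-version: ${{ fromJson(needs.get-lts.outputs.lts) }}
+node-version: ${{ fromJson(needs.get-lts.outputs.active) }}
 fail-fast: false
 steps:
 - name: Install & Start MySQL
@@ -88,11 +98,13 @@ jobs:
 - run: npm test
 
 test-win:
+permissions:
+contents: read
 needs: [ get-lts ]
 runs-on: windows-latest
 strategy:
 matrix:
-node-version: ${{ fromJson(needs.get-lts.outputs.lts) }}
+node-version: ${{ fromJson(needs.get-lts.outputs.active) }}
 experimental: [true]
 fail-fast: false
 steps: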
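Review bot: The same `permissions:` / `contents: read` pair is repeated on all six jobs (`lint`, `coverage`, `get-lts`, `test`, `test-mac`, `test-win`), and nothing in the visible hunks sets a workflow-level default, so a job added later without its own block would fall back to the repository's default token permissions. The top of the file is outside these hunks, so a default may already exist; if it does not, a single top-level `permissions:` with `contents: read` placed next to `env:` gives the same result and also covers future jobs. A job-level block sets every scope it does not list to `none`, so a per-job block is only needed where a job requires something beyond that default. For `lint`, the block is also the upper bound for the called reusable workflow, which deserves a one-line comment such as `# caps the token passed to the reusable lint workflow`.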

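--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -11,4 +11,8 @@ on:
 
 jobs:
 codeql:
+permissions:
+actions: read
+contents: read
+security-events: write
 uses: NicTool/.github/.github/workflows/codeql.yml@main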
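Review bot: The `security-events: write` grant on `codeql` is handed to a reusable workflow referenced by a branch, `NicTool/.github/.github/workflows/codeql.yml@main`, so whatever is on that branch at run time receives the scope. The caller's `permissions:` block is the upper bound for the called workflow, which makes the ref the thing to control; pinning it as `uses: NicTool/.github/.github/workflows/codeql.yml@<full-commit-sha>` ties the grant to reviewed content. If tracking `main` is intentional because the called repository is in the same organisation, a comment saying so above `uses:` would record that decision.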

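--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -10,6 +10,8 @@ env:
 
 jobs:
 build:
+permissions:
+contents: read
 runs-on: ubuntu-latest
 steps:
 - run: sudo /etc/init.d/mysql start
@@ -22,6 +24,9 @@ jobs:
 - run: npm test
 
 publish-npm:
+permissions:
+contents: read
+id-token: write
 needs: build
 runs-on: ubuntu-latest
 steps: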
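Review bot: The `id-token: write` grant on `publish-npm` carries no comment saying which step consumes it, and the job's steps lie outside the hunk, so it cannot be confirmed from here that the scope is used. Once it is set, every step in that job, third-party actions included, can request an OIDC token for this repository; it is presumably here for npm provenance or trusted publishing. I would add a comment above the line, for example `# id-token: write is needed by the publish step for OIDC (npm provenance); keep it on this job only`, worded to match the actual consumer. It is also worth checking that each `uses:` in this job is pinned to a full commit SHA.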
