nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-21 11:18:49 -05:00
Code

[BRE-848] Adding Workflow Permissions (#5985)

Browse Source
This commit is contained in:
Andy Pixley 2025-06-20 12:15:38 -04:00 committed by GitHub
parent 91b4ef756b
commit b13c950328
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/enforce-labels.yml vendored
View File

@ -4,6 +4,9 @@ on:
workflow_call: workflow_call:
pull_request: pull_request:
types: [labeled, unlabeled, opened, reopened, synchronize] types: [labeled, unlabeled, opened, reopened, synchronize]
permissions: {}
jobs: jobs:
enforce-label: enforce-label:
if: ${{ contains(github.event.*.labels.*.name, 'hold') || contains(github.event.*.labels.*.name, 'needs-qa') || contains(github.event.*.labels.*.name, 'DB-migrations-changed') || contains(github.event.*.labels.*.name, 'ephemeral-environment') }} if: ${{ contains(github.event.*.labels.*.name, 'hold') || contains(github.event.*.labels.*.name, 'needs-qa') || contains(github.event.*.labels.*.name, 'DB-migrations-changed') || contains(github.event.*.labels.*.name, 'ephemeral-environment') }}

3
.github/workflows/protect-files.yml vendored
View File

@ -16,6 +16,9 @@ jobs:
changed-files: changed-files:
name: Check for file changes name: Check for file changes
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
permissions:
contents: read
pull-requests: write
outputs: outputs:
changes: ${{steps.check-changes.outputs.changes_detected}} changes: ${{steps.check-changes.outputs.changes_detected}}

5
.github/workflows/stale-bot.yml vendored
View File

@ -8,6 +8,11 @@ jobs:
stale: stale:
name: Check for stale issues and PRs name: Check for stale issues and PRs
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
permissions:
actions: write
contents: read
issues: write
pull-requests: write
steps: steps:
- name: Check - name: Check
uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0

7
.github/workflows/test-database.yml vendored
View File

@ -31,10 +31,17 @@ on:
- "test/Infrastructure.IntegrationTest/**" # Any changes to the tests - "test/Infrastructure.IntegrationTest/**" # Any changes to the tests
- "src/**/Entities/**/*.cs" # Database entity definitions - "src/**/Entities/**/*.cs" # Database entity definitions
permissions:
contents: read
jobs: jobs:
test: test:
name: Run tests name: Run tests
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
permissions:
contents: read
actions: read
checks: write
steps: steps:
- name: Check out repo - name: Check out repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2