Commit
fix(ci): least privilege
steveoh committed Jun 27, 2023
1 parent 722ae44 commit fea56e5
Showing 1 changed file with 5 additions and 14 deletions.
19 changes: 5 additions & 14 deletions .github/workflows/push.yml
Expand Up @@ -6,12 +6,6 @@ on:
- main
- dev

permissions:
contents: write
id-token: write
deployments: write
pull-requests: write

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
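Review bot: with the workflow-level `permissions:` block gone from the top of push.yml, any job that does not declare its own `permissions:` falls back to the repository's default token permissions, which can be broader than the four scopes deleted here. Consider keeping a top-level `permissions: {}` (or `contents: read`) as the default and letting each job opt in, so a job added later without its own block starts from nothing.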
Expand All @@ -20,6 +14,11 @@ jobs:
release-please:
name: Create release
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
deployments: write
pull-requests: write
outputs:
release_created: ${{ steps.release-please.outputs.release_created }}
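Review bot: the `permissions:` block on `release-please` carries the same four scopes that were previously set at workflow level, so this job still holds `id-token: write` and `deployments: write` alongside `contents: write` and `pull-requests: write`. The job's steps are not visible in this hunk; if it only opens the release PR and creates the release, drop the scopes it does not use, or add a YAML comment naming the step that needs each one.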

Expand Down Expand Up @@ -47,12 +46,8 @@ jobs:
name: dev
permissions:
id-token: write
contents: read

steps:
- name: 👁 Monitor permissions
uses: GitHubSecurityLab/actions-permissions/monitor@v1

- name: ⬇️ Set up code
uses: actions/checkout@v3
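Review bot: assuming `contents: read` is among the four lines this hunk deletes, the `dev` job's `permissions:` block is left with `id-token: write` only, and any scope not listed in a job-level block is set to `none`, yet `actions/checkout@v3` still runs as the first step. That works on a public repository, but checkout fails on a private one without `contents: read`; add a short YAML comment recording why `contents` is omitted, so the job does not break silently if repository visibility changes.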

Expand All @@ -72,12 +67,8 @@ jobs:
name: prod
permissions:
id-token: write
contents: read

steps:
- name: 👁 Monitor permissions
uses: GitHubSecurityLab/actions-permissions/monitor@v1

- name: ⬇️ Set up code
uses: actions/checkout@v3
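Review bot: the `prod` job loses the `GitHubSecurityLab/actions-permissions/monitor@v1` step in the same commit that narrows its `permissions:`, and the commit title is the only record of why the smaller set is sufficient. Note in the commit body or beside the `permissions:` block what the monitor reported for this job, so the reduced set can be re-checked when steps are added.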
