Constrain GH Actions workflows permissions (#2625)

Otto Winter 2021-10-26 10:55:27 +02:00 committed by GitHub
parent a01f5f5cf1
commit c612a3bf60
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 16 additions and 0 deletions


@ -17,6 +17,10 @@ on:
- 'requirements*.txt' - 'requirements*.txt'
- 'platformio.ini' - 'platformio.ini'
permissions:
contents: read
packages: read
jobs: jobs:
check-docker: check-docker:
name: Build docker containers name: Build docker containers
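Review bot: `packages: read` in the new workflow-level `permissions` block has no visible consumer in this hunk. The steps of check-docker lie outside it, so it cannot be confirmed here that anything reads from the package registry with GITHUB_TOKEN. If the job only builds images and never authenticates to the registry, `contents: read` alone would be the tighter grant. If the scope is needed, a comment above it should record why, for example `# packages: read is needed by <step> to pull from the package registry`, with the step name filled in from the job.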


@ -8,6 +8,9 @@ on:
pull_request: pull_request:
permissions:
contents: read
jobs: jobs:
ci: ci:
name: ${{ matrix.name }} name: ${{ matrix.name }}


@ -7,6 +7,9 @@ on:
schedule: schedule:
- cron: "0 2 * * *" - cron: "0 2 * * *"
permissions:
contents: read
jobs: jobs:
init: init:
name: Initialize build name: Initialize build
@ -52,6 +55,9 @@ jobs:
deploy-docker: deploy-docker:
name: Build and publish docker containers name: Build and publish docker containers
if: github.repository == 'esphome/esphome' if: github.repository == 'esphome/esphome'
permissions:
contents: read
packages: write
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [init] needs: [init]
strategy: strategy:
@ -93,6 +99,9 @@ jobs:
deploy-docker-manifest: deploy-docker-manifest:
if: github.repository == 'esphome/esphome' if: github.repository == 'esphome/esphome'
permissions:
contents: read
packages: write
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [init, deploy-docker] needs: [init, deploy-docker]
strategy: strategy:
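Review bot: The job-level `permissions` blocks added to deploy-docker and deploy-docker-manifest grant `packages: write` without saying which step depends on it, and the steps are outside these hunks. A job-level block replaces the workflow-level one rather than merging with it, which is why `contents: read` has to be repeated. A short comment would stop a later cleanup from dropping it as redundant, e.g. `# job-level permissions replace the workflow default, so contents: read is restated here`. If the registry login in these jobs uses a separate secret rather than GITHUB_TOKEN, `packages: write` may not be needed at all; confirm against the login step before keeping it.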