Commit Graph

11 Commits

Author SHA1 Message Date
neilnaveen
43b185e1c1 chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
2022-07-04 01:19:58 +00:00
Andrew Murray
df4ddc1d84 Run Tidelift Align on Pipfile changes 2022-04-21 12:05:47 +03:00
Andrew Murray
954aa4e01d Updated setup-python, checkout and upload-artifact actions to v3 2022-03-04 20:04:12 +11:00
Alex Clark
d23afb3e26
Update .github/workflows/tidelift.yml
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
2021-12-01 17:05:02 -05:00
Alex Clark
ae4d5d913c Not deprecated, re-add org and proj 2021-12-01 14:15:40 -05:00
Alex Clark
c373ac188c Remove org and proj because deprecated, I think 2021-12-01 14:13:07 -05:00
Alex Clark
91fb7fc067 Add hugovk suggestion 2021-12-01 13:58:13 -05:00
Hugo van Kemenade
836f740f7b Don't run for forks: missing secrets would fail 2021-10-14 23:00:02 +03:00
Alex Clark
76b5760b38 Create tidelift.yml 2021-10-14 22:57:34 +03:00
Hugo van Kemenade
ce3c925a51
Delete tidelift.yml 2021-10-14 22:46:42 +03:00
Alex Clark
5c69dc7c9a
Create tidelift.yml 2021-10-14 13:42:18 -04:00