neilnaveen
|
43b185e1c1
|
chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
|
2022-07-04 01:19:58 +00:00 |
|
Andrew Murray
|
df4ddc1d84
|
Run Tidelift Align on Pipfile changes
|
2022-04-21 12:05:47 +03:00 |
|
Andrew Murray
|
954aa4e01d
|
Updated setup-python, checkout and upload-artifact actions to v3
|
2022-03-04 20:04:12 +11:00 |
|
Alex Clark
|
d23afb3e26
|
Update .github/workflows/tidelift.yml
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
|
2021-12-01 17:05:02 -05:00 |
|
Alex Clark
|
ae4d5d913c
|
Not deprecated, re-add org and proj
|
2021-12-01 14:15:40 -05:00 |
|
Alex Clark
|
c373ac188c
|
Remove org and proj because deprecated, I think
|
2021-12-01 14:13:07 -05:00 |
|
Alex Clark
|
91fb7fc067
|
Add hugovk suggestion
|
2021-12-01 13:58:13 -05:00 |
|
Hugo van Kemenade
|
836f740f7b
|
Don't run for forks: missing secrets would fail
|
2021-10-14 23:00:02 +03:00 |
|
Alex Clark
|
76b5760b38
|
Create tidelift.yml
|
2021-10-14 22:57:34 +03:00 |
|
Hugo van Kemenade
|
ce3c925a51
|
Delete tidelift.yml
|
2021-10-14 22:46:42 +03:00 |
|
Alex Clark
|
5c69dc7c9a
|
Create tidelift.yml
|
2021-10-14 13:42:18 -04:00 |
|