fix Token permissions (#6910)
* fix Token permissions

https://github.com/Hack23/cia/security/code-scanning/83

* fix Token permissions

https://github.com/Hack23/cia/security/code-scanning/82

* fix Token permissions
pethers authored Dec 28, 2024
1 parent 6da0dde commit 997af03
Showing 2 changed files with 18 additions and 8 deletions.
12 changes: 6 additions & 6 deletions .github/workflows/codeql-analysis.yml
@@ -17,17 +17,17 @@ on:
env:
javaVersion: java21

permissions:
contents: write
security-events: write
pull-requests: read

permissions: read-all

jobs:
analyze:
name: Analyze
runs-on: ubuntu-24.04

permissions:
contents: write # Required for dependency submission and repository access
security-events: write # Required for CodeQL, checkov, and dependency submission
pull-requests: read # Needed for PR analysis
actions: read # Needed for CodeQL action metadata
strategy:
fail-fast: false
matrix:
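Review bot: The `analyze` job still carries `contents: write`, so every step in it, including any build that CodeQL runs over the checked-out code, gets a token that can push to the repository; the CodeQL upload itself only needs `security-events: write` alongside `contents: read`. If the write scope exists only for dependency submission, as the comment says, consider moving that step into its own job and setting `contents: read  # checkout only` here. The top-level `permissions: read-all` could also be narrowed to `contents: read`, since it applies only to jobs that declare no block of their own. The job's steps lie outside this hunk, so confirm which of them actually use each scope.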
14 changes: 12 additions & 2 deletions .github/workflows/release.yml
@@ -5,15 +5,25 @@ on:
release:
description: 'Version to release'
required: true
permissions: write-all

permissions: read-all

env:
javaVersion: java21

jobs:
release:
name: Release
runs-on: ubuntu-24.04

permissions:
contents: write # Needed for checkout, git-auto-commit-action, and creating releases
packages: write # Needed for publishing packages
id-token: write # Required for SLSA provenance and SBOM attestation
actions: read # Basic read access to actions
security-events: write # Needed for SBOM attestation
statuses: write # Required for commit statuses updated by actions
issues: read # Needed for release notes generation capability
pull-requests: read # Access for potential PR-related operations
strategy:
fail-fast: false

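Review bot: Several scopes in the `release` job's `permissions:` block look speculative rather than required: the comments on `issues: read` and `pull-requests: read` speak of a "capability" and "potential" operations, and `contents: write` is needed for the commit and release steps, not for checkout. Least privilege would drop the two read scopes until a step actually fails without them. Also check `security-events: write # Needed for SBOM attestation`: GitHub's artifact attestation actions use `attestations: write` together with `id-token: write`, and because a job-level block sets every unlisted scope to `none`, that scope would have to be added here if those actions are used. The steps are outside this hunk, so this is inferred from the comments alone.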
