Azure
/
ALZ-Bicep
зеркало из https://github.com/Azure/ALZ-Bicep.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Adjust permission scopes (#898)

This commit is contained in:
Zach Trocinski 2024-11-11 21:46:43 -06:00 коммит произвёл GitHub
Родитель 3712548faf
Коммит 1618d0f490
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: B5690EEEBB952194
6 изменённых файлов: 8 добавлений и 9 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
.github/workflows/bicep-build-to-validate.yml поставляемый
Просмотреть файл

@ -15,7 +15,6 @@ jobs:
bicep_unit_tests: bicep_unit_tests:
name: Bicep Build & Lint All Modules name: Bicep Build & Lint All Modules
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
@ -117,7 +116,6 @@ jobs:
azure_waf: azure_waf:
name: Test Azure Well-Architected Framework (PSRule) name: Test Azure Well-Architected Framework (PSRule)
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1

3
.github/workflows/code-review.yml поставляемый
Просмотреть файл

@ -17,9 +17,7 @@ jobs:
statuses: write # for github/super-linter to mark status of each linter run statuses: write # for github/super-linter to mark status of each linter run
name: Lint code base name: Lint code base
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with: with:
@ -51,7 +49,6 @@ jobs:
markdown-link-check: markdown-link-check:
name: Markdown Link Check name: Markdown Link Check
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1

4
.github/workflows/psdocs-mdtogit.yml поставляемый
Просмотреть файл

@ -19,11 +19,13 @@ env:
github_pr_repo: ${{ github.event.pull_request.head.repo.full_name }} github_pr_repo: ${{ github.event.pull_request.head.repo.full_name }}
permissions: permissions:
contents: write contents: read
jobs: jobs:
arm_docs: arm_docs:
name: Generate Markdown name: Generate Markdown
permissions:
contents: write
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Harden Runner - name: Harden Runner

4
.github/workflows/release.yml поставляемый
Просмотреть файл

@ -9,11 +9,13 @@ on:
- main - main
permissions: permissions:
contents: write contents: read
jobs: jobs:
release: release:
name: Generate Accelerator Release Artifacts name: Generate Accelerator Release Artifacts
permissions:
contents: write
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Harden Runner - name: Harden Runner

3
.github/workflows/scheduled-bicep-build.yml поставляемый
Просмотреть файл

@ -2,7 +2,6 @@ name: Unit Tests - Scheduled Bicep Build
permissions: permissions:
contents: read contents: read
issues: write
on: on:
schedule: schedule:
@ -13,6 +12,8 @@ jobs:
bicep_unit_tests: bicep_unit_tests:
name: Bicep Build & Lint All Modules name: Bicep Build & Lint All Modules
if: github.repository == 'Azure/ALZ-Bicep' if: github.repository == 'Azure/ALZ-Bicep'
permissions:
issues: write
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:

1
.github/workflows/scorecard.yml поставляемый
Просмотреть файл

@ -29,7 +29,6 @@ jobs:
# Uncomment the permissions below if installing in a private repository. # Uncomment the permissions below if installing in a private repository.
# contents: read # contents: read
# actions: read # actions: read
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1