github-forks
/
srs
mirror of https://github.com/ossrs/srs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Scorecard: Delcare default permissions as read only except CodeQL.

Browse Source
pull/3375/head
winlin 2 years ago
parent d34085615b
commit badf33c544
4 changed files with 17 additions and 7 deletions
Show Stats Download Patch File Download Diff File

3
.github/workflows/codeql-analysis.yml vendored
Unescape Escape View File

@ -3,6 +3,9 @@ name: "CodeQL"
# @see https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#onpushpull_requestbranchestags # @see https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#onpushpull_requestbranchestags
on: [push, pull_request] on: [push, pull_request]
# See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions: write-all
jobs: jobs:
analyze: analyze:
name: actions-codeql-analyze name: actions-codeql-analyze

3
.github/workflows/release.yml vendored
Unescape Escape View File

@ -6,6 +6,9 @@ on:
tags: tags:
- v6* - v6*
# Declare default permissions as read only.
permissions: read-all
jobs: jobs:
envs: envs:
name: envs name: envs

15
.github/workflows/scorecard.yml vendored
Unescape Escape View File

@ -2,7 +2,8 @@
# by a third-party and are governed by separate terms of service, privacy # by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation. # policy, and support documentation.
name: Scorecard supply-chain security name: Scorecard
on: on:
# For Branch-Protection check. Only the default branch is supported. See # For Branch-Protection check. Only the default branch is supported. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
@ -58,12 +59,12 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab. # format to the repository Actions tab.
- name: "Upload artifact" #- name: "Upload artifact"
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 # uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
with: # with:
name: SARIF file # name: SARIF file
path: results.sarif # path: results.sarif
retention-days: 5 # retention-days: 5
# Upload the results to GitHub's code scanning dashboard. # Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning" - name: "Upload to code-scanning"

3
.github/workflows/test.yml vendored
Unescape Escape View File

@ -3,6 +3,9 @@ name: "Test"
# @see https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#onpushpull_requestbranchestags # @see https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#onpushpull_requestbranchestags
on: [push, pull_request] on: [push, pull_request]
# Declare default permissions as read only.
permissions: read-all
# The dependency graph: # The dependency graph:
# test(6m) # test(6m)
# multiple-arch-armv7(13m) # multiple-arch-armv7(13m)

Write Preview
Loading…
Cancel
Save