]> git.madduck.net Git - etc/vim.git/commit

madduck's git repository

Every one of the projects in this repository is available at the canonical URL git://git.madduck.net/madduck/pub/<projectpath> — see each project's metadata for the exact URL.

All patches and comments are welcome. Please squash your changes to logical commits before using git-format-patch and git-send-email to patches@git.madduck.net. If you'd read over the Git project's submission guidelines and adhered to them, I'd be especially grateful.

SSH access, as well as push access can be individually arranged.

If you use my repositories frequently, consider adding the following snippet to ~/.gitconfig and using the third clone URL listed for each project:

[url "git://git.madduck.net/madduck/"]
  insteadOf = madduck:

chore: Set permissions for GitHub actions (#3043)
authorNaveen <172697+naveensrinivasan@users.noreply.github.com>
Tue, 3 May 2022 13:08:33 +0000 (08:08 -0500)
committerGitHub <noreply@github.com>
Tue, 3 May 2022 13:08:33 +0000 (07:08 -0600)
commitc940f75d5b646777427aef1beb18a0d2c391f5e2
treefe5fea9a80b9e66720f5b2a560f0ff3aa7d7bc17
parent9d5edd302003285b5280e3dd209d6299feafb70e
chore: Set permissions for GitHub actions (#3043)

Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
.github/workflows/changelog.yml
.github/workflows/doc.yml
.github/workflows/docker.yml
.github/workflows/fuzz.yml
.github/workflows/pypi_upload.yml
.github/workflows/upload_binary.yml
.github/workflows/uvloop_test.yml