You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zeppelin.apache.org by jo...@apache.org on 2022/07/10 10:51:53 UTC
[zeppelin] branch master updated: [MINOR] Set permissions for GitHub actions (#4386)
This is an automated email from the ASF dual-hosted git repository.
jongyoul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zeppelin.git
The following commit(s) were added to refs/heads/master by this push:
new 1640e2da4f [MINOR] Set permissions for GitHub actions (#4386)
1640e2da4f is described below
commit 1640e2da4fee165b5305b0f94e2c5296410f964a
Author: Naveen <17...@users.noreply.github.com>
AuthorDate: Sun Jul 10 05:51:44 2022 -0500
[MINOR] Set permissions for GitHub actions (#4386)
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
Signed-off-by: naveen <17...@users.noreply.github.com>
---
.github/workflows/quick.yml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/.github/workflows/quick.yml b/.github/workflows/quick.yml
index 4783d9c08b..98bd9ffa87 100644
--- a/.github/workflows/quick.yml
+++ b/.github/workflows/quick.yml
@@ -7,6 +7,9 @@ on:
- branch-*
types: [opened, synchronize]
+permissions:
+ contents: read
+
jobs:
license-check:
runs-on: ubuntu-20.04
Re: [zeppelin] branch master updated: [MINOR] Set permissions for GitHub actions (#4386)
Posted by emmanuel warreng <em...@gmail.com>.
Unsubscribe
On Sun, Jul 10, 2022, 12:51 <jo...@apache.org> wrote:
> This is an automated email from the ASF dual-hosted git repository.
>
> jongyoul pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/zeppelin.git
>
>
> The following commit(s) were added to refs/heads/master by this push:
> new 1640e2da4f [MINOR] Set permissions for GitHub actions (#4386)
> 1640e2da4f is described below
>
> commit 1640e2da4fee165b5305b0f94e2c5296410f964a
> Author: Naveen <17...@users.noreply.github.com>
> AuthorDate: Sun Jul 10 05:51:44 2022 -0500
>
> [MINOR] Set permissions for GitHub actions (#4386)
>
> Restrict the GitHub token permissions only to the required ones; this
> way, even if the attackers will succeed in compromising your workflow, they
> won’t be able to do much.
>
> - Included permissions for the action.
> https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
>
>
> https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
>
>
> https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
>
> [Keeping your GitHub Actions and workflows secure Part 1: Preventing
> pwn requests](
> https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
> )
>
> Signed-off-by: naveen <
> 172697+naveensrinivasan@users.noreply.github.com>
> ---
> .github/workflows/quick.yml | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/.github/workflows/quick.yml b/.github/workflows/quick.yml
> index 4783d9c08b..98bd9ffa87 100644
> --- a/.github/workflows/quick.yml
> +++ b/.github/workflows/quick.yml
> @@ -7,6 +7,9 @@ on:
> - branch-*
> types: [opened, synchronize]
>
> +permissions:
> + contents: read
> +
> jobs:
> license-check:
> runs-on: ubuntu-20.04
>
>