You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2022/12/09 09:26:08 UTC

[struts] branch gh-permission created (now 0b6735008)

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a change to branch gh-permission
in repository https://gitbox.apache.org/repos/asf/struts.git


      at 0b6735008 Applies permission to GH workflows

This branch includes the following new commits:

     new 0b6735008 Applies permission to GH workflows

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[struts] 01/01: Applies permission to GH workflows

Posted by lu...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch gh-permission
in repository https://gitbox.apache.org/repos/asf/struts.git

commit 0b67350084086f8a6067ae865d8fb715ab3a6a9a
Author: Lukasz Lenart <lu...@apache.org>
AuthorDate: Fri Dec 9 10:25:59 2022 +0100

    Applies permission to GH workflows
---
 .github/workflows/codeql.yml | 10 +++++++++-
 .github/workflows/maven.yml  |  2 ++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 147129c17..cc9af2b6d 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -20,6 +20,14 @@ on:
     branches: [ "master" ]
   pull_request:
 
+permissions:
+  # Needed to upload the results to code-scanning dashboard.
+  security-events: write
+  actions: read
+  contents: read
+  # Needed to access OIDC token.
+  id-token: write
+
 jobs:
   analyze:
     name: Analyze
@@ -38,7 +46,7 @@ jobs:
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v2
       with:
-        languages: ${{ matrix.language }}        
+        languages: ${{ matrix.language }}
     - name: Autobuild
       uses: github/codeql-action/autobuild@v2
     - name: Perform CodeQL Analysis
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index 9a0d796aa..7218879ba 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -21,6 +21,8 @@ on:
     branches:
       - master
 
+permissions: read-all
+
 env:
   MAVEN_OPTS: -Xmx2048m -Xms1024m
   LANG: en_US.utf8