Skip to content

Commit 48035b7

Browse files
crazy-maxcrazy-max
committed
zizmor: fix reusable workflow permissions
1 parent d6328d9 commit 48035b7

6 files changed

Lines changed: 9 additions & 5 deletions

File tree

.github/workflows/.zizmor.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,8 +4,8 @@ concurrency:
44
group: ${{ github.workflow }}-${{ github.ref }}
55
cancel-in-progress: true
66

7-
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
87
permissions:
8+
actions: read
99
contents: read
1010

1111
on:
@@ -19,6 +19,7 @@ jobs:
1919
run:
2020
uses: ./.github/workflows/zizmor.yml
2121
permissions:
22+
actions: read
2223
contents: read
2324
security-events: write
2425
with:

.github/workflows/list-commits.yml

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,5 @@
11
name: list-commits
22

3-
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
43
permissions:
54
contents: read
65

.github/workflows/pr-assign-author.yml

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,5 @@
11
name: pr-assign-author
22

3-
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
43
permissions:
54
contents: read
65

.github/workflows/releases-json.yml

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,5 @@
11
name: releases-json
22

3-
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
43
permissions:
54
contents: read
65

.github/workflows/zizmor.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
name: zizmor
22

3-
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
43
permissions:
4+
actions: read
55
contents: read
66

77
on:
@@ -43,6 +43,7 @@ jobs:
4343
zizmor:
4444
runs-on: ubuntu-latest
4545
permissions:
46+
actions: read
4647
contents: read
4748
security-events: write
4849
steps:

README.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -254,6 +254,9 @@ they are skipped for `edge` resolution.
254254
```yaml
255255
name: ci
256256
257+
permissions:
258+
contents: read
259+
257260
on:
258261
push:
259262
@@ -347,6 +350,7 @@ and uploads the SARIF report to GitHub code scanning.
347350
name: ci
348351

349352
permissions:
353+
actions: read
350354
contents: read
351355

352356
on:
@@ -357,6 +361,7 @@ jobs:
357361
zizmor:
358362
uses: crazy-max/.github/.github/workflows/zizmor.yml@v1
359363
permissions:
364+
actions: read
360365
contents: read
361366
security-events: write
362367
with:

0 commit comments

Comments
 (0)