Archivist
/
raylib-src
镜像自地址 https://github.com/raysan5/raylib
1
0
派生 0
代码 工单 0 版本发布 24 百科 动态
浏览代码

chore: Set permissions for GitHub actions (#2496) 

Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
pull/2503/head
Naveen 3 年前
committed by GitHub
父节点
d0318aac4a
当前提交
023eb3380d
找不到此签名对应的密钥 GPG 密钥 ID: 4AEE18F83AFDEB23
共有 7 个文件被更改,包括 29 次插入0 次删除
合并视图
Diff 选项
显示统计 下载 Patch 文件 下载 Diff 文件
  1. +5
    -0
      .github/workflows/android.yml
  2. +3
    -0
      .github/workflows/cmake.yml
  3. +5
    -0
      .github/workflows/linux.yml
  4. +3
    -0
      .github/workflows/linux_examples.yml
  5. +5
    -0
      .github/workflows/macos.yml
  6. +5
    -0
      .github/workflows/windows.yml
  7. +3
    -0
      .github/workflows/windows_examples.yml

+ 5
- 0
.github/workflows/android.yml 查看文件

@ -16,8 +16,13 @@ on:
release: release:
types: [published] types: [published]
permissions:
contents: read
jobs: jobs:
build: build:
permissions:
contents: write # for actions/upload-release-asset to upload release asset
runs-on: windows-latest runs-on: windows-latest
strategy: strategy:
fail-fast: false fail-fast: false

+ 3
- 0
.github/workflows/cmake.yml 查看文件

@ -23,6 +23,9 @@ env:
# Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.) # Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.)
BUILD_TYPE: Release BUILD_TYPE: Release
permissions:
contents: read
jobs: jobs:
build_windows: build_windows:
name: Windows Build name: Windows Build

+ 5
- 0
.github/workflows/linux.yml 查看文件

@ -15,8 +15,13 @@ on:
release: release:
types: [published] types: [published]
permissions:
contents: read
jobs: jobs:
build: build:
permissions:
contents: write # for actions/upload-release-asset to upload release asset
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy: strategy:
fail-fast: false fail-fast: false

+ 3
- 0
.github/workflows/linux_examples.yml 查看文件

@ -14,6 +14,9 @@ on:
- 'examples/**' - 'examples/**'
- '.github/workflows/linux_examples.yml' - '.github/workflows/linux_examples.yml'
permissions:
contents: read
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest

+ 5
- 0
.github/workflows/macos.yml 查看文件

@ -15,8 +15,13 @@ on:
release: release:
types: [published] types: [published]
permissions:
contents: read
jobs: jobs:
build: build:
permissions:
contents: write # for actions/upload-release-asset to upload release asset
runs-on: macos-latest runs-on: macos-latest
env: env:

+ 5
- 0
.github/workflows/windows.yml 查看文件

@ -15,8 +15,13 @@ on:
release: release:
types: [published] types: [published]
permissions:
contents: read
jobs: jobs:
build: build:
permissions:
contents: write # for actions/upload-release-asset to upload release asset
runs-on: windows-latest runs-on: windows-latest
strategy: strategy:
fail-fast: false fail-fast: false

+ 3
- 0
.github/workflows/windows_examples.yml 查看文件

@ -14,6 +14,9 @@ on:
- 'examples/**' - 'examples/**'
- '.github/workflows/windows_examples.yml' - '.github/workflows/windows_examples.yml'
permissions:
contents: read
jobs: jobs:
build: build:
runs-on: windows-latest runs-on: windows-latest

撰写 预览
正在加载...
取消
保存