GHA CI: reduce permission scope

Chocobo1 2025-01-18 20:42:33 +08:00
commit 934a6db251
No known key found for this signature in database
GPG key ID: 210D9C873253A68C
5 changed files with 16 additions and 11 deletions


@ -2,8 +2,7 @@ name: CI - macOS
on: [pull_request, push] on: [pull_request, push]
permissions: permissions: {}
actions: write
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
@ -13,6 +12,8 @@ jobs:
ci: ci:
name: Build name: Build
runs-on: macos-latest runs-on: macos-latest
permissions:
actions: write
strategy: strategy:
fail-fast: false fail-fast: false
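Review bot: The `actions: write` grant added under the `ci` job has no comment, and nothing in this hunk shows which step needs it. A job-level grant is shared by every step in the job, including the build itself on `pull_request` runs, so the reason should sit next to the grant, for example `actions: write  # required by <step name> — TODO confirm`. If only one step needs the scope, moving that step into its own small job would keep the write token away from the build steps. The same applies to the `ci` jobs in the Ubuntu and Windows workflows; the job body continues outside the hunk, so the consuming step is not visible here.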


@ -2,9 +2,7 @@ name: CI - Ubuntu
on: [pull_request, push] on: [pull_request, push]
permissions: permissions: {}
actions: write
security-events: write
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
@ -14,6 +12,9 @@ jobs:
ci: ci:
name: Build name: Build
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
actions: write
security-events: write
strategy: strategy:
fail-fast: false fail-fast: false
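Review bot: `security-events: write` is now granted to the whole `Build` job together with `actions: write`, and the workflow also triggers on `pull_request`. By default GitHub issues a read-only token to pull requests from forks regardless of this block, so the step that uploads code-scanning results (presumably further down, outside the hunk) needs to skip or tolerate that case; this is worth confirming. A short comment such as `security-events: write  # code scanning upload — TODO confirm` would document the grant. The `ci` job in the WebUI workflow carries the same scope and would benefit from the same comment.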


@ -2,8 +2,7 @@ name: CI - WebUI
on: [pull_request, push] on: [pull_request, push]
permissions: permissions: {}
security-events: write
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
@ -13,6 +12,8 @@ jobs:
ci: ci:
name: Check name: Check
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
security-events: write
defaults: defaults:
run: run:


@ -2,8 +2,7 @@ name: CI - Windows
on: [pull_request, push] on: [pull_request, push]
permissions: permissions: {}
actions: write
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
@ -13,6 +12,8 @@ jobs:
ci: ci:
name: Build name: Build
runs-on: windows-latest runs-on: windows-latest
permissions:
actions: write
strategy: strategy:
fail-fast: false fail-fast: false


@ -4,12 +4,13 @@ on:
schedule: schedule:
- cron: '0 0 * * *' - cron: '0 0 * * *'
permissions: permissions: {}
pull-requests: write
jobs: jobs:
stale: stale:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
pull-requests: write
steps: steps:
- name: Mark and close stale PRs - name: Mark and close stale PRs
uses: actions/stale@v9 uses: actions/stale@v9
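Review bot: The `stale` job that now holds `pull-requests: write` still references its action by a mutable tag, `uses: actions/stale@v9`, so the code running with that token can change without a change in this repository. Pinning to a full commit SHA closes that gap, for example `uses: actions/stale@<full-commit-sha>  # v9`, with the placeholder replaced by the release commit you have verified. Separately, v9 of this action is documented to keep state in the Actions cache, which may need `actions: write`. Check the run logs for permission warnings before treating `pull-requests: write` alone as sufficient.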