mirror of
https://github.com/Smaug123/KaTeX
synced 2025-10-05 19:28:39 +00:00
ci: set necessary token permissions (#2960)
* ci(fonts): set token permission to remove label I've changed [the default permission of the token to read-only](https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/) and this is the only place we need write access. * ci(codeql): set token permission to upload result * ci(codeql): set token permission to read actions
This commit is contained in:
ylemkimon
GitHub
5
.github/workflows/codeql-analysis.yml
vendored
5
.github/workflows/codeql-analysis.yml
vendored
@@ -8,6 +8,11 @@ on:
|
|||||||
schedule:
|
schedule:
|
||||||
- cron: '0 0 * * 1'
|
- cron: '0 0 * * 1'
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
actions: read
|
||||||
|
contents: read
|
||||||
|
security-events: write
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
analyze:
|
analyze:
|
||||||
name: Analyze
|
name: Analyze
|
||||||
|
|||||||
3
.github/workflows/fonts.yml
vendored
3
.github/workflows/fonts.yml
vendored
@@ -11,6 +11,9 @@ jobs:
|
|||||||
if: contains(github.event.pull_request.labels.*.name, 'build fonts')
|
if: contains(github.event.pull_request.labels.*.name, 'build fonts')
|
||||||
outputs:
|
outputs:
|
||||||
image: ${{ steps.check-image.outputs.result }}
|
image: ${{ steps.check-image.outputs.result }}
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
pull-requests: write # to remove label
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
|
|||||||
Reference in New Issue
Block a user