From 1a71616e0a9e83581dc93cf5361b8b45b2093a4f Mon Sep 17 00:00:00 2001 From: Ashish Kurmi Date: Wed, 7 Sep 2022 22:19:28 -0700 Subject: [PATCH 1/2] ci: add minimum GitHub token permissions for workflows Signed-off-by: Ashish Kurmi --- .github/workflows/auto-close-stale-issues.yml | 6 ++++++ .github/workflows/issues.yml | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/.github/workflows/auto-close-stale-issues.yml b/.github/workflows/auto-close-stale-issues.yml index 00365ce39..545583fd6 100644 --- a/.github/workflows/auto-close-stale-issues.yml +++ b/.github/workflows/auto-close-stale-issues.yml @@ -4,8 +4,14 @@ on: schedule: - cron: '0 0 * * *' +permissions: + contents: read + jobs: stale-bot: + permissions: + issues: write # for actions/stale to close stale issues + pull-requests: write # for actions/stale to close stale PRs runs-on: ubuntu-latest steps: - uses: actions/stale@v5.1.1 diff --git a/.github/workflows/issues.yml b/.github/workflows/issues.yml index 6dec15ea0..47bf6ebbe 100644 --- a/.github/workflows/issues.yml +++ b/.github/workflows/issues.yml @@ -2,8 +2,14 @@ name: Milestone Labeler on: issues: types: [milestoned] +permissions: + contents: read + jobs: apply_labels: + permissions: + issues: write # for andymckay/labeler to label issues + pull-requests: write # for andymckay/labeler to label PRs runs-on: ubuntu-latest steps: - name: Add track-internal From 9899c666ad917eda6bc4ab850ca36cc7608a5c50 Mon Sep 17 00:00:00 2001 From: Wilken Rivera Date: Mon, 12 Sep 2022 15:38:52 -0400 Subject: [PATCH 2/2] Remove unused action --- .github/workflows/issues.yml | 20 -------------------- 1 file changed, 20 deletions(-) delete mode 100644 .github/workflows/issues.yml diff --git a/.github/workflows/issues.yml b/.github/workflows/issues.yml deleted file mode 100644 index 47bf6ebbe..000000000 --- a/.github/workflows/issues.yml +++ /dev/null @@ -1,20 +0,0 @@ -name: Milestone Labeler -on: - issues: - types: [milestoned] -permissions: - contents: read - -jobs: - apply_labels: - permissions: - issues: write # for andymckay/labeler to label issues - pull-requests: write # for andymckay/labeler to label PRs - runs-on: ubuntu-latest - steps: - - name: Add track-internal - uses: andymckay/labeler@1.0.4 - if: github.event.issue.pull_request == null - with: - repo-token: ${{ secrets.Github_Token }} - add-labels: "track-internal"