ci: restrictive permissions for GitHub Actions workflows

This commit is contained in:
ruthra kumar
2025-06-17 15:41:48 +05:30
parent 10a83698eb
commit fa82d3fbb1
12 changed files with 40 additions and 0 deletions


@@ -5,6 +5,9 @@ on:
- closed - closed
- labeled - labeled
permissions:
contents: read
jobs: jobs:
main: main:
runs-on: ubuntu-latest runs-on: ubuntu-latest
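Review bot: Declaring `permissions:` at workflow level sets every scope not listed to `none`, so with only `contents: read` the GITHUB_TOKEN in the `main` job loses `pull-requests`, `issues`, `checks` and every other write scope; the `closed`/`labeled` trigger types suggest this workflow reacts to pull-request events, and any step that comments on or relabels the PR with the default token will now fail with a 403. The `main` job's steps are outside the hunk, so confirm they only read the repository, or add a job-level `permissions:` block granting the single scope that step needs rather than widening the workflow default. The same top-level `contents: read` is added in the other ten `contents: read` sections of this commit and the same check applies to each of them.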


@@ -2,6 +2,10 @@ name: Trigger Docker build on release
on: on:
release: release:
types: [released] types: [released]
permissions:
contents: read
jobs: jobs:
curl: curl:
runs-on: ubuntu-latest runs-on: ubuntu-latest
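Review bot: For the `curl` job a plain `contents: read` is probably still broader than needed: if the job only posts to an external build trigger and never checks out the repository, `permissions: {}` would remove GITHUB_TOKEN access entirely, which is the tightest setting for a notification-only workflow. The job body is outside the hunk, so confirm there is no `actions/checkout` step before tightening it further.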


@@ -3,6 +3,9 @@ on:
pull_request: pull_request:
types: [ opened, synchronize, reopened, edited ] types: [ opened, synchronize, reopened, edited ]
permissions:
contents: read
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest


@@ -2,6 +2,10 @@
# To add/remove versions just modify the matrix. # To add/remove versions just modify the matrix.
name: Create weekly release pull requests name: Create weekly release pull requests
permissions:
contents: read
on: on:
schedule: schedule:
# 9:30 UTC => 3 PM IST Tuesday # 9:30 UTC => 3 PM IST Tuesday
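Review bot: A workflow named `Create weekly release pull requests` will normally need `contents: write` to push the release branch and `pull-requests: write` to open the PR; with the workflow-level `permissions:` set to `contents: read`, those operations fail if they use the default GITHUB_TOKEN. If the jobs authenticate with a PAT or an app token instead, as release automation often does, the restriction does not affect them, but the job steps are outside the hunk and should be checked either way. The placement is also inconsistent with the rest of the commit, where `permissions:` follows `on:` rather than sitting between `name:` and `on:`; moving it after the `on:` block keeps the workflows uniform.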


@@ -3,6 +3,10 @@ on:
pull_request_target: pull_request_target:
types: [opened, reopened] types: [opened, reopened]
permissions:
issues: write
pull-requests: write
jobs: jobs:
triage: triage:
runs-on: ubuntu-latest runs-on: ubuntu-latest
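Review bot: This is the one workflow in the commit that keeps write scopes, and it runs on `pull_request_target`, whose token carries these grants in the base-repository context regardless of where the PR originates; the `triage` job must therefore not check out or execute anything from the PR head (no `ref: ${{ github.event.pull_request.head.sha }}` on `actions/checkout`, no running of PR-supplied scripts), otherwise the `issues: write`/`pull-requests: write` token would be exposed to untrusted code. Listing only `issues` and `pull-requests` also sets `contents` to `none`, so any checkout step that is in the job would now fail, which for a label-only triage job is the desirable outcome. The job body is outside the hunk, so both points need confirming against the steps.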


@@ -3,6 +3,9 @@ name: Linters
on: on:
pull_request: { } pull_request: { }
permissions:
contents: read
jobs: jobs:
linters: linters:


@@ -10,6 +10,9 @@ on:
- '**.csv' - '**.csv'
workflow_dispatch: workflow_dispatch:
permissions:
contents: read
concurrency: concurrency:
group: patch-develop-${{ github.event_name }}-${{ github.event.number || github.event_name == 'workflow_dispatch' && github.run_id || '' }} group: patch-develop-${{ github.event_name }}-${{ github.event.number || github.event_name == 'workflow_dispatch' && github.run_id || '' }}
cancel-in-progress: true cancel-in-progress: true


@@ -3,6 +3,10 @@ on:
push: push:
branches: branches:
- version-13 - version-13
permissions:
contents: read
jobs: jobs:
release: release:
name: Release name: Release
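Review bot: The `release` job triggered by pushes to `version-13` likely creates tags or GitHub releases, which requires `contents: write` on GITHUB_TOKEN; the workflow-level `contents: read` will block that unless the job overrides it or authenticates with a separate token. The job's steps are outside the hunk, so confirm which it is; if it does need write access, prefer a job-level override under `release:` with `permissions:` and `contents: write` so the wider grant stays scoped to that single job rather than relaxing the workflow default.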


@@ -7,6 +7,9 @@ concurrency:
group: server-individual-tests-develop-${{ github.event_name }}-${{ github.event.number || github.event_name == 'workflow_dispatch' && github.run_id || '' }} group: server-individual-tests-develop-${{ github.event_name }}-${{ github.event.number || github.event_name == 'workflow_dispatch' && github.run_id || '' }}
cancel-in-progress: false cancel-in-progress: false
permissions:
contents: read
jobs: jobs:
discover: discover:
runs-on: ubuntu-latest runs-on: ubuntu-latest


@@ -10,6 +10,9 @@ on:
- "**.md" - "**.md"
- "**.html" - "**.html"
permissions:
contents: read
jobs: jobs:
test: test:
runs-on: ubuntu-latest runs-on: ubuntu-latest


@@ -25,6 +25,9 @@ on:
required: false required: false
type: string type: string
permissions:
contents: read
concurrency: concurrency:
group: server-mariadb-develop-${{ github.event_name }}-${{ github.event.number || github.event_name == 'workflow_dispatch' && github.run_id || '' }} group: server-mariadb-develop-${{ github.event_name }}-${{ github.event.number || github.event_name == 'workflow_dispatch' && github.run_id || '' }}
cancel-in-progress: true cancel-in-progress: true


@@ -12,6 +12,9 @@ concurrency:
group: server-postgres-develop-${{ github.event_name }}-${{ github.event.number || github.event_name == 'workflow_dispatch' && github.run_id || '' }} group: server-postgres-develop-${{ github.event_name }}-${{ github.event.number || github.event_name == 'workflow_dispatch' && github.run_id || '' }}
cancel-in-progress: true cancel-in-progress: true
permissions:
contents: read
jobs: jobs:
test: test:
if: ${{ contains(github.event.pull_request.labels.*.name, 'postgres') }} if: ${{ contains(github.event.pull_request.labels.*.name, 'postgres') }}