From f0730237e2987be9f0f90716d808620d143efb36 Mon Sep 17 00:00:00 2001 From: TheBusyBiscuit Date: Tue, 12 Jul 2022 15:05:15 +0200 Subject: [PATCH] [CI skip] Configured remaining workflow permissions Hopefully I did this right? :eyes: --- .github/workflows/auto-approve.yml | 8 +++++--- .github/workflows/discord-webhook.yml | 3 +++ .github/workflows/duplicates.yml | 4 ++++ .github/workflows/label-resolved-issues.yml | 4 ++++ .github/workflows/merge-conflicts.yml | 4 ++++ .github/workflows/pr-labels.yml | 4 ++++ .github/workflows/translator-webhook.yml | 3 +++ .github/workflows/yaml-linter.yml | 3 +++ .gitignore | 1 + 9 files changed, 31 insertions(+), 3 deletions(-) diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml index 1038c7659..a183eb596 100644 --- a/.github/workflows/auto-approve.yml +++ b/.github/workflows/auto-approve.yml @@ -8,12 +8,14 @@ permissions: jobs: auto-approve: - permissions: - pull-requests: write # for hmarr/auto-approve-action to approve PRs name: Auto approve Pull Request runs-on: ubuntu-latest - ## Only run this on the main repo + # for hmarr/auto-approve-action to approve PRs + permissions: + pull-requests: write + + # Only run this on the main repo if: github.event.pull_request.head.repo.full_name == 'Slimefun/Slimefun4' steps: diff --git a/.github/workflows/discord-webhook.yml b/.github/workflows/discord-webhook.yml index 8385c1614..fce2d4657 100644 --- a/.github/workflows/discord-webhook.yml +++ b/.github/workflows/discord-webhook.yml @@ -7,6 +7,9 @@ on: - '!src/main/resources/languages/**' - 'pom.xml' +permissions: + contents: read + jobs: report: diff --git a/.github/workflows/duplicates.yml b/.github/workflows/duplicates.yml index a8883a408..7cb94d0dc 100644 --- a/.github/workflows/duplicates.yml +++ b/.github/workflows/duplicates.yml @@ -4,6 +4,10 @@ on: issue_comment: types: [created] +permissions: + contents: read + issues: write + jobs: comment: diff --git a/.github/workflows/label-resolved-issues.yml b/.github/workflows/label-resolved-issues.yml index f9b006c09..5a54fb314 100644 --- a/.github/workflows/label-resolved-issues.yml +++ b/.github/workflows/label-resolved-issues.yml @@ -4,6 +4,10 @@ on: issues: types: [closed] +permissions: + contents: read + issues: write + jobs: label: diff --git a/.github/workflows/merge-conflicts.yml b/.github/workflows/merge-conflicts.yml index 71b8d025f..c82850c2a 100644 --- a/.github/workflows/merge-conflicts.yml +++ b/.github/workflows/merge-conflicts.yml @@ -5,6 +5,10 @@ on: branches: - master +permissions: + contents: read + issues: write + jobs: validate: diff --git a/.github/workflows/pr-labels.yml b/.github/workflows/pr-labels.yml index 1ee6627e9..a418b3d66 100644 --- a/.github/workflows/pr-labels.yml +++ b/.github/workflows/pr-labels.yml @@ -5,6 +5,10 @@ on: types: - opened +permissions: + contents: read + issues: write + jobs: pr-labeler: diff --git a/.github/workflows/translator-webhook.yml b/.github/workflows/translator-webhook.yml index f93a2aeff..ec8328f89 100644 --- a/.github/workflows/translator-webhook.yml +++ b/.github/workflows/translator-webhook.yml @@ -7,6 +7,9 @@ on: paths: - 'src/main/resources/languages/en/**.yml' +permissions: + contents: read + jobs: notify: diff --git a/.github/workflows/yaml-linter.yml b/.github/workflows/yaml-linter.yml index d81a60d1c..31f2063dc 100644 --- a/.github/workflows/yaml-linter.yml +++ b/.github/workflows/yaml-linter.yml @@ -8,6 +8,9 @@ on: branches: - master +permissions: + contents: read + jobs: linter: diff --git a/.gitignore b/.gitignore index 7f69a2959..fda2f4a05 100644 --- a/.gitignore +++ b/.gitignore @@ -12,4 +12,5 @@ dependency-reduced-pom.xml .factorypath .project *.iml +*.bak .DS_Store \ No newline at end of file