open-telemetry
/
opentelemetry-java
mirror of https://github.com/open-telemetry/opentelemetry-java.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Continue limiting workflow permissions (#7092)

This commit is contained in:
jack-berg 2025-02-10 11:40:56 -06:00 committed by GitHub
parent 06449488ce
commit 00f00433f3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 33 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/build.yml vendored
View File

@ -12,6 +12,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true cancel-in-progress: true
permissions:
contents: read
jobs: jobs:
build: build:
name: Build name: Build

5
.github/workflows/generate-post-release-pr.yml vendored
View File

@ -2,6 +2,9 @@ name: Generate Post-Release PR
on: on:
workflow_dispatch: workflow_dispatch:
permissions:
contents: read
jobs: jobs:
prereqs: prereqs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -15,6 +18,8 @@ jobs:
fi fi
create-pull-request-against-main: create-pull-request-against-main:
permissions:
contents: write # for git push to PR branch
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: needs:
- prereqs - prereqs

5
.github/workflows/prepare-patch-release.yml vendored
View File

@ -2,8 +2,13 @@ name: Prepare patch release
on: on:
workflow_dispatch: workflow_dispatch:
permissions:
contents: read
jobs: jobs:
prepare-patch-release: prepare-patch-release:
permissions:
contents: write # for git push to PR branch
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

7
.github/workflows/prepare-release-branch.yml vendored
View File

@ -2,6 +2,9 @@ name: Prepare release branch
on: on:
workflow_dispatch: workflow_dispatch:
permissions:
contents: read
jobs: jobs:
prereqs: prereqs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -21,6 +24,8 @@ jobs:
fi fi
create-pull-request-against-release-branch: create-pull-request-against-release-branch:
permissions:
contents: write # for git push to PR branch
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: needs:
- prereqs - prereqs
@ -70,6 +75,8 @@ jobs:
--base $RELEASE_BRANCH_NAME --base $RELEASE_BRANCH_NAME
create-pull-request-against-main: create-pull-request-against-main:
permissions:
contents: write # for git push to PR branch
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: needs:
- prereqs - prereqs

7
.github/workflows/release.yml vendored
View File

@ -2,8 +2,13 @@ name: Release
on: on:
workflow_dispatch: workflow_dispatch:
permissions:
contents: read
jobs: jobs:
release: release:
permissions:
contents: write # for creating the release
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
outputs: outputs:
version: ${{ steps.create-github-release.outputs.version }} version: ${{ steps.create-github-release.outputs.version }}
@ -126,6 +131,8 @@ jobs:
echo "version=$VERSION" >> $GITHUB_OUTPUT echo "version=$VERSION" >> $GITHUB_OUTPUT
merge-change-log-to-main: merge-change-log-to-main:
permissions:
contents: write # for git push to PR branch
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: needs:
- release - release

6
.github/workflows/reusable-open-issue-on-failure.yml vendored
View File

@ -3,8 +3,14 @@ name: Reusable - Open issue on workflow failure
on: on:
workflow_call: workflow_call:
permissions:
contents: read
jobs: jobs:
open-issue: open-issue:
permissions:
contents: read
issues: write # for creating the issue
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2