Skip to content

Commit

Permalink
Merge pull request #190 from cisagov/improvement/add_actions-permissi…
Browse files Browse the repository at this point in the history
…ons-monitor

Add the `GitHubSecurityLab/actions-permissions/monitor` Action
  • Loading branch information
mcdonnnj authored Oct 30, 2024
2 parents 5da1059 + 343d2cc commit ff221ba
Show file tree
Hide file tree
Showing 3 changed files with 21 additions and 0 deletions.
1 change: 1 addition & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ updates:
# - dependency-name: crazy-max/ghaction-dump-context
# - dependency-name: crazy-max/ghaction-github-labeler
# - dependency-name: crazy-max/ghaction-github-status
# - dependency-name: GitHubSecurityLab/actions-permissions
# - dependency-name: hashicorp/setup-terraform
# - dependency-name: mxschmitt/action-tmate
# - dependency-name: step-security/harden-runner
Expand Down
10 changes: 10 additions & 0 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,12 @@ jobs:
steps:
# Note that a duplicate of this step must be added at the top of
# each job.
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
with:
# Uses the organization variable unless overridden
config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
# Note that a duplicate of this step must be added at the top of
# each job.
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
Expand All @@ -50,6 +56,10 @@ jobs:
- diagnostics
runs-on: ubuntu-latest
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
with:
# Uses the organization variable unless overridden
config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
Expand Down
10 changes: 10 additions & 0 deletions .github/workflows/sync-labels.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,12 @@ jobs:
steps:
# Note that a duplicate of this step must be added at the top of
# each job.
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
with:
# Uses the organization variable unless overridden
config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
# Note that a duplicate of this step must be added at the top of
# each job.
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
Expand All @@ -39,6 +45,10 @@ jobs:
issues: write
runs-on: ubuntu-latest
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
with:
# Uses the organization variable unless overridden
config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
Expand Down

0 comments on commit ff221ba

Please sign in to comment.