chore(OSSF): update token permissions to improve ossf scorecard
fix: update npm start script to run locally

Revert the npm start change and remove the packages write permission
laukik-target committed Nov 26, 2024
1 parent 50ccb18 commit 6e43ec9
Showing 6 changed files with 28 additions and 5 deletions.
5 changes: 3 additions & 2 deletions .github/workflows/ci.yml
Expand Up @@ -10,7 +10,10 @@ on:
branches: [ main ]

permissions:
contents: read
pull-requests: write
actions: read
statuses: write

jobs:
build:
Expand Down Expand Up @@ -78,5 +81,3 @@ jobs:
wait-on: "http://localhost:3000"
wait-on-timeout: 120
run: npm run cypress:run


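Review bot: The workflow-level `pull-requests: write` and `statuses: write` added in the first hunk are granted to every job in ci.yml, including the Cypress job in the second hunk, rather than only to the job that reports a status or comments on the PR. Keep the workflow block at `contents: read` and move the two write scopes into a job-level `permissions:` on the job that needs them, so an unrelated job (and anything it installs) never holds them. `actions: read` has no visible consumer in either hunk; add a comment naming the step that needs it or drop it, and the same applies to the `actions: read` entries in lint.yml and npm.yml. The `on:` block the first hunk sits in starts above the hunk and the jobs that would consume these scopes are outside it, so which job needs what cannot be confirmed from here. The second hunk only removes two trailing blank lines.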
6 changes: 6 additions & 0 deletions .github/workflows/codeql.yml
Expand Up @@ -19,6 +19,12 @@ on:
schedule:
- cron: '25 10 * * 1'

permissions:
security-events: write
contents: read
actions: read
statuses: write

jobs:
analyze:
name: Analyze
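Review bot: `statuses: write` in the new permissions block is not among the scopes the CodeQL analysis action documents (`security-events: write` to upload results, `contents: read`, and `actions: read` for workflows in private repositories), and nothing in the hunk shows a step posting commit statuses. Unless a step in the `analyze` job, whose body is below the hunk, sets statuses, drop that line so the workflow token stays at the documented minimum. A short comment per scope would also help future audits, e.g. `security-events: write  # upload SARIF results to code scanning` and `actions: read  # read workflow metadata; only required for private repos`.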
4 changes: 4 additions & 0 deletions .github/workflows/dependency-review.yml
Expand Up @@ -8,6 +8,10 @@ permissions:
jobs:
dependency-review:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write

steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4
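Review bot: The job-level `permissions:` added under `dependency-review` replaces, rather than extends, the workflow-level `permissions:` block that the hunk header's context shows above the hunk, so that workflow block no longer governs this job and the two must now be kept in sync by hand. With a single job in the file, keep only one of them — either this job-level block, or a workflow-level block with the same two scopes. `pull-requests: write` is only required by the dependency-review action when it is configured to post a summary comment on the PR (`comment-summary-in-pr`); if the steps below the hunk do not set that option, `contents: read` alone is enough. Add a comment stating why the write scope is granted, e.g. `pull-requests: write  # needed for comment-summary-in-pr`.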
7 changes: 6 additions & 1 deletion .github/workflows/lint.yml
Expand Up @@ -2,6 +2,11 @@ name: Code Cleanliness

on: [pull_request]

permissions:
contents: read
pull-requests: none
actions: read

env: # environment variables (available in any part of the action)
NODE_VERSION: 18

Expand All @@ -26,4 +31,4 @@ jobs:
- name: Code Linting
run: |
npm run lint
npm run lint --workspaces --if-present
npm run lint --workspaces --if-present
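Review bot: `pull-requests: none` in the new block is redundant: as soon as a workflow declares any `permissions`, every scope not listed is already `none`, so the line documents intent but changes nothing. That is acceptable, but it is a style choice the other workflows in this commit do not make; either drop the line or list the denied scopes consistently across all six files. The second hunk shows `npm run lint --workspaces --if-present` removed and re-added with identical text, which looks like an end-of-file newline change only.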
5 changes: 5 additions & 0 deletions .github/workflows/npm.yml
Expand Up @@ -2,6 +2,11 @@ name: Publish to NPM
on:
release:
types: [published]

permissions:
contents: read
actions: read

jobs:
build:
runs-on: ubuntu-latest
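Review bot: The new block leaves the `Publish to NPM` workflow with `contents: read` and `actions: read` only, which is correct for a publish step that authenticates with a repository secret, but it omits `id-token: write`; if the `build` job below the hunk publishes with `npm publish --provenance`, the OIDC token request will be refused and the release run fails. Confirm which form the publish step uses and, if provenance is enabled, add `id-token: write  # OIDC token for npm provenance attestation` next to `contents: read`. If provenance is not used, the block is the right minimum and needs only a comment saying so.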
6 changes: 4 additions & 2 deletions .github/workflows/scorecard.yml
Expand Up @@ -14,8 +14,10 @@ on:
push:
branches: [ "main" ]

# Declare default permissions as read only.
permissions: read-all
permissions:
contents: read
security-events: write
id-token: write

jobs:
analysis:
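Review bot: Replacing `permissions: read-all` with a workflow-level block that carries `security-events: write` and `id-token: write` widens the default for every job in scorecard.yml; the scorecard action's reference workflow keeps `read-all` at the workflow level and puts those two write scopes in a job-level `permissions:` under `analysis`. The `analysis` job body is below the hunk, so if it already declares its own block the workflow-level grants are redundant, and if it does not they should be moved there. The comment `# Declare default permissions as read only.` appears to go away together with the `read-all` line and was the only explanation of the policy; keep a comment on each scope. Suggested shape:
```yaml
# Declare default permissions as read only.
permissions: read-all

jobs:
  analysis:
    # … unchanged: name, runs-on …
    permissions:
      security-events: write  # upload results to the code-scanning dashboard
      id-token: write  # needed to publish results and obtain the badge
```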
