fixup: ci jobs (pr testing)

Signed-off-by: Sam Gammon <[email protected]>
sgammon · Mar 8, 2024 · 15e1a43 · 15e1a43
1 parent 5801bcf
commit 15e1a43
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 6 deletions.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -24,7 +24,7 @@ permissions:
 
 jobs:
   analyze:
-    name: Analyze
+    name: CodeQL Analysis
     runs-on: ubuntu-latest
     permissions:
       actions: read

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -22,8 +22,6 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Maven Dependency Tree Dependency Submission
         uses: advanced-security/maven-dependency-submission-action@bfd2106013da0957cdede0b6c39fb5ca25ae375e # v4.0.2
-        with:
-          token: ${{ secrets.GH_GRAPH_PUBLISH_TOKEN }}
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3
         continue-on-error: true

diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml
@@ -8,7 +8,7 @@ permissions:
 
 jobs:
   validation:
-    name: "Validation"
+    name: "Gradle Wrapper Validate"
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner

diff --git a/.github/workflows/on.pr.yml b/.github/workflows/on.pr.yml
@@ -27,10 +27,14 @@ jobs:
     name: "Checks"
     uses: ./.github/workflows/dependency-review.yml
     permissions:
-      contents: read
+      contents: write
       id-token: write
 
   ## Run CodeQL checks
   checks-codeql:
     name: "Checks"
     uses: ./.github/workflows/codeql.yml
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
diff --git a/.github/workflows/on.push.yml b/.github/workflows/on.push.yml
@@ -22,5 +22,10 @@ jobs:
     name: "Checks"
     uses: ./.github/workflows/dependency-review.yml
     permissions:
-      contents: read
+      contents: write
       id-token: write
+
+  ## Validate the Gradle Wrapper binary
+  checks-gradle-wrapper:
+    name: "Checks"
+    uses: ./.github/workflows/gradle-wrapper-validation.yml