From 930011ff5a17d997181593920aeeb88663e72d9c Mon Sep 17 00:00:00 2001
From: Zach Trocinski
Date: Fri, 15 Nov 2024 17:49:35 -0600
Subject: [PATCH] Update permissions at top level and add environment

---
 .github/workflows/bicep-build-to-validate.yml | 3 +++
 .github/workflows/gh-ado-sync.yml | 3 +++
 .github/workflows/psdocs-mdtogit.yml | 1 +
 .github/workflows/release-tests.yml | 3 +++
 .github/workflows/scheduled-bicep-build.yml | 6 +++---
 5 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/bicep-build-to-validate.yml b/.github/workflows/bicep-build-to-validate.yml
index 2ccc6118d..4556da1b7 100644
--- a/.github/workflows/bicep-build-to-validate.yml
+++ b/.github/workflows/bicep-build-to-validate.yml
@@ -11,6 +11,9 @@ on:
 - "**/bicepconfig.json"
 workflow_dispatch: {}
 
+permissions:
+ contents: read
+
 jobs:
 bicep_unit_tests:
 name: Bicep Build & Lint All Modules
diff --git a/.github/workflows/gh-ado-sync.yml b/.github/workflows/gh-ado-sync.yml
index e91d19036..4a61d3da9 100644
--- a/.github/workflows/gh-ado-sync.yml
+++ b/.github/workflows/gh-ado-sync.yml
@@ -6,6 +6,9 @@ on:
 issue_comment:
 types: [created]
 
+permissions:
+ contents: read
+
 jobs:
 alert:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/psdocs-mdtogit.yml b/.github/workflows/psdocs-mdtogit.yml
index 499eb5c14..1bcd3d567 100644
--- a/.github/workflows/psdocs-mdtogit.yml
+++ b/.github/workflows/psdocs-mdtogit.yml
@@ -27,6 +27,7 @@ jobs:
 permissions:
 contents: write
 runs-on: ubuntu-latest
+ environment: BicepUpdateDocumentation
 steps:
 - name: Harden Runner
 uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
diff --git a/.github/workflows/release-tests.yml b/.github/workflows/release-tests.yml
index 96f053d33..67760f2c1 100644
--- a/.github/workflows/release-tests.yml
+++ b/.github/workflows/release-tests.yml
@@ -6,6 +6,9 @@ on:
 - main
 workflow_dispatch: {}
 
+permissions:
+ contents: read
+
 jobs:
 release-tests:
 name: Pre-Release Tests
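Review bot: The top-level `permissions:` block added to bicep-build-to-validate.yml has no comment explaining that every scope it does not list drops to `none` for all jobs in the workflow. The job bodies are outside the hunk, so I cannot confirm that `contents: read` is enough. If a job posts pull-request comments, writes check results or requests an OIDC token, it needs its own job-level `permissions:` override rather than a wider top-level grant. I would add `# Least privilege: unlisted scopes are none; grant extras per job.` above the block. The same applies to the identical blocks added in gh-ado-sync.yml and release-tests.yml.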
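Review bot: In gh-ado-sync.yml the workflow runs on `issue_comment` events, which anyone allowed to comment can trigger, so the default token here could be tighter than `contents: read`. That scope is only needed if the `alert` job checks out the repository. Its steps are outside the hunk, but if the job only forwards issue data (as the file name suggests), the top-level block could be `permissions: {}`. Any scope a step really needs would then go on the job itself.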
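Review bot: The added `environment: BicepUpdateDocumentation` in psdocs-mdtogit.yml only gates this `contents: write` job if that environment has protection rules, such as required reviewers or a branch restriction, configured in the repository settings. An environment name that does not exist yet is created automatically with no rules. Nothing in the hunk records which rules are expected, so I would add a comment above that line such as `# Gated by environment protection rules; this job's secrets live in the environment.` The job's steps continue outside the hunk, so I cannot tell whether its secrets were moved from repository to environment scope. If they were not, the environment does not limit access to them.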
diff --git a/.github/workflows/scheduled-bicep-build.yml b/.github/workflows/scheduled-bicep-build.yml
index a8a2e588f..addfd80ec 100644
--- a/.github/workflows/scheduled-bicep-build.yml
+++ b/.github/workflows/scheduled-bicep-build.yml
@@ -1,13 +1,13 @@
 name: Unit Tests - Scheduled Bicep Build
 
-permissions:
- contents: read
-
 on:
 schedule:
 - cron: "0 8 * * 1-5"
 workflow_dispatch: {}
 
+permissions:
+ contents: read
+
 jobs:
 bicep_unit_tests:
 name: Bicep Build & Lint All Modules