Commit graph

14 commits

Author SHA1 Message Date
nathannaveen
4471e9f322
Set permissions for GitHub actions (#2752)
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
2022-04-11 14:52:49 -05:00
dependabot[bot]
5d5ae35998 Bump actions/checkout from 2.4.0 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.4.0...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-03-07 12:53:35 -05:00
Brett Logan
6e6d1348a6
Add Actions names 2022-02-21 10:17:34 -05:00
Masaya Suzuki
60ccdfca87
Add CI timeout (#2127) 2021-11-15 10:25:36 -06:00
dependabot[bot]
8bdd5deb1f
Bump actions/checkout from 2.3.4 to 2.4.0 (#2096)
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.4 to 2.4.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.4...v2.4.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-10 11:53:31 -06:00
dependabot[bot]
903d730a21
Bump Actions-R-Us/actions-tagger from v2.0.1 to v2.0.2 (#1419)
Bumps [Actions-R-Us/actions-tagger](https://github.com/Actions-R-Us/actions-tagger) from v2.0.1 to v2.0.2.
- [Release notes](https://github.com/Actions-R-Us/actions-tagger/releases)
- [Commits](https://github.com/Actions-R-Us/actions-tagger/compare/v2.0.1...f411bd910a5ad370d4511517e3eac7ff887c90ea)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Lukas Gravley <admiralawkbar@github.com>
2021-04-30 17:09:49 -05:00
dependabot[bot]
134c891be0
Bump actions/checkout from v2.3.3 to v2.3.4
Bumps [actions/checkout](https://github.com/actions/checkout) from v2.3.3 to v2.3.4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.3...5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f)

Signed-off-by: dependabot[bot] <support@github.com>
2020-11-04 05:43:17 +00:00
dependabot[bot]
55bdf97202
Bump actions/checkout from v2.3.2 to v2.3.3
Bumps [actions/checkout](https://github.com/actions/checkout) from v2.3.2 to v2.3.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.2...a81bbbf8298c0fa03ea29cdc473d45769f953675)

Signed-off-by: dependabot[bot] <support@github.com>
2020-09-24 05:42:06 +00:00
dependabot[bot]
6da5e0756a
Bump actions/checkout from v2.3.1 to v2.3.2
Bumps [actions/checkout](https://github.com/actions/checkout) from v2.3.1 to v2.3.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.1...2036a08e25fa78bbd946711a407b529a0a1204bf)

Signed-off-by: dependabot[bot] <support@github.com>
2020-08-10 05:38:32 +00:00
dependabot[bot]
682eafc49d
Bump Actions-R-Us/actions-tagger from v2.0.0 to v2.0.1
Bumps [Actions-R-Us/actions-tagger](https://github.com/Actions-R-Us/actions-tagger) from v2.0.0 to v2.0.1.
- [Release notes](https://github.com/Actions-R-Us/actions-tagger/releases)
- [Commits](https://github.com/Actions-R-Us/actions-tagger/compare/v2.0.0...95c51c646e75db5c6b7d447e3087bcee58677341)

Signed-off-by: dependabot[bot] <support@github.com>
2020-07-06 13:12:47 +00:00
Eric Nemchik
56609617a9 Use full version numbers for GHA
Dependabot will update these automatically
2020-07-02 20:16:27 -05:00
Lucas Gravley
517c8acb5e cleanup versioning file 2020-07-01 08:12:09 -05:00
Thomas Hughes
2067571f1f
Fix versioning.yml 2020-06-29 11:36:18 -05:00
Thomas Hughes
06e237d19e
Add actions-tagger workflow to automate version tags 2020-06-29 10:39:09 -05:00