mirror of
https://github.com/super-linter/super-linter.git
synced 2024-09-20 03:17:21 -04:00
4471e9f322
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much. Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
50 lines
1.2 KiB
YAML
50 lines
1.2 KiB
YAML
---
|
|
#########################
|
|
#########################
|
|
## Version GitHub Tags ##
|
|
#########################
|
|
#########################
|
|
|
|
#
|
|
# Documentation:
|
|
# https://help.github.com/en/articles/workflow-syntax-for-github-actions
|
|
#
|
|
|
|
##########################
|
|
# Name of the action job #
|
|
##########################
|
|
name: GitHub Tag Update
|
|
|
|
#####################################################
|
|
# Run the job when a release is published or edited #
|
|
#####################################################
|
|
on:
|
|
release:
|
|
types: [published, edited]
|
|
|
|
#################
|
|
# Start the job #
|
|
#################
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
actions-tagger:
|
|
permissions:
|
|
contents: write # for Actions-R-Us/actions-tagger to create a release and add latest tag
|
|
runs-on: windows-latest
|
|
timeout-minutes: 60
|
|
steps:
|
|
#############################
|
|
# Check out the latest code #
|
|
#############################
|
|
- uses: actions/checkout@v3
|
|
|
|
######################
|
|
# Run the tag action #
|
|
######################
|
|
- uses: Actions-R-Us/actions-tagger@v2.0.2
|
|
with:
|
|
publish_latest_tag: true
|
|
env:
|
|
GITHUB_TOKEN: "${{secrets.GITHUB_TOKEN}}"
|