diff --git a/.github/workflows/add_tags.yml b/.github/workflows/add_tags.yml deleted file mode 100644 index 9b62d7c..0000000 --- a/.github/workflows/add_tags.yml +++ /dev/null @@ -1,15 +0,0 @@ -# Warning, do not check out untrusted code with -# the pull_request_target event. -# the current workflow IS safe as long as you dont checkout untrusted code -# https://nathandavison.com/blog/github-actions-and-the-threat-of-malicious-pull-requests -on: - pull_request_target: - types: [opened, edited] -name: conventional-release-labels -jobs: - label: - runs-on: ubuntu-latest - steps: - - uses: bcoe/conventional-release-labels@v1 - with: - type_labels: '{ "feat": "feat", "fix": "fix", "chore": "chore", "refactor": "refactor", "test": "test", "breaking": "breaking" }' \ No newline at end of file diff --git a/.github/workflows/issue_to_project.yml b/.github/workflows/issue_to_project.yml deleted file mode 100644 index 0dda8ba..0000000 --- a/.github/workflows/issue_to_project.yml +++ /dev/null @@ -1,20 +0,0 @@ -name: Add issue to project -on: - issues: - types: - - opened - - reopened - -jobs: - issue_opened_or_reopened: - name: issue_opened_or_reopened - runs-on: ubuntu-latest - if: github.event.issue.user.login != 'cq-bot' - steps: - - name: Add issue to Public Roadmap - uses: leonsteinhaeuser/project-beta-automations@v2.2.1 - with: - gh_token: ${{ secrets.GH_CQ_BOT }} - organization: cloudquery - project_id: 7 - resource_node_id: ${{ github.event.issue.node_id }} diff --git a/.github/workflows/lint_golang.yml b/.github/workflows/lint_golang.yml index f50858b..389fbe2 100644 --- a/.github/workflows/lint_golang.yml +++ b/.github/workflows/lint_golang.yml @@ -7,6 +7,9 @@ on: branches: - main +permissions: + contents: read + jobs: golangci: name: Lint with GolangCI diff --git a/.github/workflows/lint_markdown.yml b/.github/workflows/lint_markdown.yml index 7dfd944..8c7db8e 100644 --- a/.github/workflows/lint_markdown.yml +++ b/.github/workflows/lint_markdown.yml 
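Review bot: The new top-level `permissions` block in lint_golang.yml sets every scope it does not list to `none`, and the job's steps are outside the hunk, so it is not visible whether the lint step reads pull-request metadata or posts annotations with GITHUB_TOKEN. The same block is added to lint_markdown.yml and unittest.yml, so check that each job still has the scopes it uses; a lint step restricted to changed lines, for example, would need `pull-requests: read`. A one-line comment above each block, `# Least privilege: scopes not listed here are none for GITHUB_TOKEN`, would keep a later edit from assuming the repository defaults still apply.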
@@ -6,6 +6,9 @@ on: - ".github/workflow/lint_markdown.yml" - "**.md" +permissions: + contents: read + jobs: lint-grammar: runs-on: ubuntu-latest diff --git a/.github/workflows/pr_title.yml b/.github/workflows/pr_title.yml index c44b736..d234e31 100644 --- a/.github/workflows/pr_title.yml +++ b/.github/workflows/pr_title.yml @@ -7,6 +7,9 @@ on: - edited - synchronize +permissions: + pull-requests: read + jobs: main: name: Validate PR title @@ -44,7 +47,7 @@ jobs: # special "[WIP]" prefix to indicate this state. This will avoid the # validation of the PR title and the pull request checks remain pending. # Note that a second check will be reported if this is enabled. - wip: true + wip: false # When using "Squash and merge" on a PR with only one commit, GitHub # will suggest using that commit message instead of the PR title for the # merge commit, and it's easy to commit this by mistake. Enable this option diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml index a431fe5..5cbe3ae 100644 --- a/.github/workflows/release-pr.yml +++ b/.github/workflows/release-pr.yml @@ -4,6 +4,9 @@ on: branches: - main +permissions: + contents: read + jobs: release-please: runs-on: ubuntu-latest diff --git a/.github/workflows/unittest.yml b/.github/workflows/unittest.yml index 8a7d6a1..4d5ac09 100644 --- a/.github/workflows/unittest.yml +++ b/.github/workflows/unittest.yml @@ -7,6 +7,9 @@ on: branches: - main +permissions: + contents: read + jobs: unitests: strategy: @@ -16,9 +19,9 @@ jobs: steps: - name: Set git to use LF # https://github.com/actions/checkout/issues/135 if: matrix.os == 'windows-latest' - run: | - git config --global core.autocrlf false - git config --global core.eol lf + run: | + git config --global core.autocrlf false + git config --global core.eol lf - name: Check out code into the Go module directory uses: actions/checkout@v5 - name: Set up Go 1.x
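Review bot: The flip to `wip: false` in the second pr_title.yml hunk has no explanation next to it, and it changes behaviour: titles carrying the "[WIP]" prefix are now validated instead of leaving the checks pending. The retained comment says the option reports a second check, which would presumably need a write scope that the new `pull-requests: read` block in the first hunk does not grant, so the two changes look deliberate and linked. Say so in place, for example `# Disabled: reporting the WIP check needs a write scope this workflow no longer grants.` The trigger and the action's step are outside both hunks, so the scope the action really needs should be confirmed against its documentation.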
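Review bot: With `contents: read` at workflow level in release-pr.yml, the GITHUB_TOKEN of the `release-please` job can no longer push a release branch, create a release or open and update the release pull request. The job's steps are outside the hunk, so confirm which token the action is given. If it uses the default token, keep the workflow default read-only and grant the job only what it needs, e.g. `permissions:` with `contents: write` and `pull-requests: write` under `release-please:`. If it is passed a bot or personal access token instead, this block does not restrict that credential, and a comment should say so, so the read-only default is not mistaken for the effective privilege of the job.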