Merge pull request #1970 from pi-hole/gha-perms

Add explicit permission to workflows
Adam Warner
2025-12-15 11:39:09 +00:00
committed by GitHub
8 changed files with 27 additions and 0 deletions


@@ -8,6 +8,9 @@ on:
release: release:
types: [published] types: [published]
permissions:
contents: read
packages: write
env: env:
dockerhub: ${{ secrets.DOCKERHUB_NAMESPACE }}/pihole dockerhub: ${{ secrets.DOCKERHUB_NAMESPACE }}/pihole
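Review bot: `packages: write` in the added top-level `permissions:` block applies to every job and every trigger of this workflow, so it would be tighter to keep only `contents: read` at the top level and grant `packages: write` in a job-level `permissions:` block on the job that publishes the image. The `jobs:` section and the full `on:` list are outside this hunk, so whether non-publishing jobs or other triggers exist could not be checked here. The same consideration applies to `contents: write` in the sync-branches workflow hunk, where a short comment naming the step that needs the write scope would help later review.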


@@ -2,6 +2,9 @@ name: Build Image and Test
on: on:
pull_request: pull_request:
permissions:
contents: read
jobs: jobs:
build-and-test: build-and-test:
runs-on: ${{ matrix.runner }} runs-on: ${{ matrix.runner }}


@@ -3,6 +3,9 @@ on:
pull_request: pull_request:
types: [opened, synchronize, reopened, ready_for_review] types: [opened, synchronize, reopened, ready_for_review]
permissions:
contents: read
jobs: jobs:
spell-check: spell-check:
if: github.event.pull_request.draft == false if: github.event.pull_request.draft == false


@@ -3,6 +3,9 @@ on:
pull_request: pull_request:
types: [opened, synchronize, reopened, ready_for_review] types: [opened, synchronize, reopened, ready_for_review]
permissions:
contents: read
jobs: jobs:
editorconfig-checker: editorconfig-checker:
if: github.event.pull_request.draft == false if: github.event.pull_request.draft == false


@@ -4,6 +4,9 @@ on:
schedule: schedule:
- cron: "0 0 * * *" - cron: "0 0 * * *"
permissions:
packages: write
jobs: jobs:
housekeeping: housekeeping:
runs-on: ubuntu-latest runs-on: ubuntu-latest
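Review bot: The added block lists only `packages: write`, and once any scope is named, unlisted scopes such as `contents` are set to `none` for the workflow token. If that is intended, a comment above the block would record it, for example `# contents intentionally omitted: no job checks out the repository`. If a job does check out the repository (the steps are outside this hunk), the block should state `contents: read` as the other workflows in this commit do. The same applies to the workflow triggered by `issue_comment`, whose block lists only `issues: write` and `pull-requests: write`.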


@@ -8,6 +8,10 @@ on:
pull_request_target: pull_request_target:
types: [synchronize] types: [synchronize]
permissions:
contents: read
pull-requests: write
jobs: jobs:
main: main:
runs-on: ubuntu-latest runs-on: ubuntu-latest
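Review bot: The `permissions:` block added above `jobs:` narrows the token, but under `pull_request_target` the run still executes in the base repository's context with access to its secrets, which this block does not restrict. A comment above the block would record the constraint for future editors, for example `# pull_request_target: never check out or run PR head code in this workflow`. The steps of the `main` job are outside the hunk, so whether it only calls the API (as `pull-requests: write` suggests) cannot be confirmed from here.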


@@ -6,6 +6,10 @@ on:
workflow_dispatch: workflow_dispatch:
issue_comment: issue_comment:
permissions:
issues: write
pull-requests: write
env: env:
stale_label: stale stale_label: stale


@@ -5,6 +5,10 @@ on:
branches: branches:
- master - master
permissions:
contents: write
pull-requests: write
jobs: jobs:
sync-branches: sync-branches:
runs-on: ubuntu-latest runs-on: ubuntu-latest