CodeCow/freeCodeCamp
1
0
Fork 0
mirror of https://github.com/freeCodeCamp/freeCodeCamp.git synced 2026-06-16 21:06:35 +08:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity
7ab15bd4ce
freeCodeCamp/.github/workflows
History
Naveen f2580f58a6
chore: set permissions for GitHub actions (#45876) 
* chore: Set permissions for GitHub actions

 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

* Update .github/workflows/codeql-analysis.yml

Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com>

* Update .github/workflows/labeler.yaml

Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com>

* Update .github/workflows/node.js-tests-upcoming.yml

Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com>

* Update .github/workflows/node.js-tests.yml

Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com>

* Update .github/workflows/codeql-analysis.yml

Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com>

* Update .github/workflows/labeler.yaml

Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com>

* Update .github/workflows/labeler.yaml

Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com>

Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com>
2022-05-08 15:17:44 +05:30
..
autoclose.yml chore(deps): update actions/github-script action to v6 2022-03-03 06:12:27 +00:00
codeql-analysis.yml chore: set permissions for GitHub actions (#45876) 2022-05-08 15:17:44 +05:30
codesee-diagram.yml fix(ci/cd): chill-out on weekends (#45365) 2022-03-07 14:15:45 +01:00
crowdin-download.client-ui.yml chore: correct comments in github workflows files (#45855) 2022-05-03 11:23:02 -07:00
crowdin-download.curriculum.yml chore: correct comments in github workflows files (#45855) 2022-05-03 11:23:02 -07:00
crowdin-download.docs.yml chore: correct comments in github workflows files (#45855) 2022-05-03 11:23:02 -07:00
crowdin-upload.client-ui.yml chore: correct comments in github workflows files (#45855) 2022-05-03 11:23:02 -07:00
crowdin-upload.curriculum.yml chore: correct comments in github workflows files (#45855) 2022-05-03 11:23:02 -07:00
crowdin-upload.docs.yml chore: correct comments in github workflows files (#45855) 2022-05-03 11:23:02 -07:00
cypress.yml chore(deps): update actions/upload-artifact action to v3 (#45491) 2022-03-21 07:05:26 -07:00
labeler.yaml chore: set permissions for GitHub actions (#45876) 2022-05-08 15:17:44 +05:30
no-prs-to-translation.yml chore(deps): update actions/github-script action to v6 2022-03-03 06:12:27 +00:00
node.js-tests-upcoming.yml chore: set permissions for GitHub actions (#45876) 2022-05-08 15:17:44 +05:30
node.js-tests.yml chore: set permissions for GitHub actions (#45876) 2022-05-08 15:17:44 +05:30