[Code Scan] Refine GitHub Actions Workflow Permissions for Enhanced Security #4647

Merged
merged 2 commits into from
Feb 23, 2024


gladjohn
Contributor

Fixes #
https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/security/code-scanning

Changes proposed in this request
This pull request introduces adjustments to the GitHub Actions workflow configuration to align with best practices for security, specifically adhering to the principle of least privilege. The changes aim to minimize the permissions granted to the GitHub Actions runner, reducing potential security risks while maintaining the workflow's functionality.

Testing

Performance impact
none

Documentation

@gladjohn gladjohn marked this pull request as ready for review February 23, 2024 00:01
@gladjohn gladjohn merged commit a98bcf7 into main Feb 23, 2024
8 checks passed
@gladjohn gladjohn deleted the gladjohn-perms-gh branch February 23, 2024 20:44
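
The least-privilege goal in the description above can be checked mechanically. The following is an added example, not code from this pull request or repository: a line-based audit that reports jobs with no `permissions` block (their `GITHUB_TOKEN` falls back to the repository or organization default), any `write-all` grant, and each scope granted `write`. The function name `audit_workflow` and the sample workflow are assumptions, and only block-style YAML is handled.

```python
import re

KEY = re.compile(r"^(\s*)([A-Za-z0-9_-]+):\s*(.*)$")

def audit_workflow(text):
    """Line-based audit of block-style workflow YAML; returns (scope, finding) pairs."""
    findings, has_perms = [], {}       # has_perms: job id (None = workflow level) -> bool
    section = job = None
    job_indent = child_indent = perm_indent = None
    for raw in text.splitlines():
        m = KEY.match(re.sub(r"\s+#.*$", "", raw))   # drop trailing comments
        if not m:
            continue                   # list items, comment lines, blank lines
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip()
        if perm_indent is not None and indent > perm_indent:
            if value == "write":       # entry inside a permissions mapping
                findings.append((job or "workflow", f"{key}: write"))
            continue
        perm_indent = None
        if indent == 0:
            section, job = key, None
        elif section != "jobs":
            continue
        else:
            job_indent = indent if job_indent is None else job_indent
            if indent == job_indent:   # a job id directly under jobs:
                job, child_indent = key, None
                has_perms[job] = False
                continue
            child_indent = indent if child_indent is None else child_indent
            if indent != child_indent:
                continue               # nested deeper than a direct job key
        if key == "permissions":
            perm_indent = indent
            has_perms[job] = True      # job is None for the workflow-level block
            if value == "write-all":
                findings.append((job or "workflow", "permissions: write-all"))
    if not has_perms.get(None):        # no workflow-level block to inherit from
        findings += [(j, "no permissions block")
                     for j, ok in has_perms.items() if j and not ok]
    return findings

# Constructed sample, not one of the workflows changed in this pull request.
SAMPLE = "on: push\njobs:\n  bench:\n    runs-on: ubuntu-latest\n    steps:\n      - run: echo hi\n"

if __name__ == "__main__":
    print(audit_workflow(SAMPLE))
```

Each `write` finding is a prompt for review rather than an error: the reviewer confirms that the job needs that scope.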
pmaytak pushed a commit that referenced this pull request Apr 9, 2024
…ecurity (#4647)

* Update trigger_onebranch_ci.yml

* Update benchmark-action.yml
pmaytak added a commit that referenced this pull request Apr 13, 2024
* Resolving missing test issue in classic pipeline (#4526)

Updating value for classic test run

* Remove unused int tests (#4568)

* Remove Intune Xamarin dev apps (#4559)

* Update installEdgeDriver.ps1 to fetch Edge version dynamically (#4614)

* Update installEdgeDriver.ps1 to fetch Edge version dynamically

Update installEdgeDriver.ps1 to fetch Edge version dynamically

* Update installEdgeDriver.ps1

* Update installEdgeDriver.ps1

* Update test to use lab ppe tenant (#4620)

* Update test to use lab ppe tenant

* Update ConfidentialAppSettings.cs

* Add harden runner on benchmark-action.yml (#4640)

Update benchmark-action.yml

* Add harden runner on trigger_onebranch_ci.yml (#4641)

Update trigger_onebranch_ci.yml

* [Code Scan] Refine GitHub Actions Workflow Permissions for Enhanced Security (#4647)

* Update trigger_onebranch_ci.yml

* Update benchmark-action.yml

* Added fix for selenium tests (#4650)

* Added fix for selenium tests

* Update tests/Microsoft.Identity.Test.Integration.netfx/Infrastructure/SeleniumExtensions.cs

Co-authored-by: Bogdan Gavril <bogavril@microsoft.com>

* Address comments

---------

Co-authored-by: Bogdan Gavril <bogavril@microsoft.com>

* Removing ADAL cache compat tests (#4663)

* Removing ADAL cache compat tests

* clean up

* Disabling faulty tests

---------

Co-authored-by: trwalke <trwalke@microsoft.com>

* Use MSI based Resource Manager for Builds / Tests (#4674)

* Update template-install-keyvault-secrets.yaml

* Update template-install-keyvault-secrets.yaml

* Update template-install-keyvault-secrets.yaml

* Update template-install-keyvault-secrets.yaml

* Update template-install-keyvault-secrets.yaml

* [OneBranch] Update InstallAndroid.ps1 and install android 31  (#4675)

Update InstallAndroid.ps1

* Try to fix the tests failing on one branch (#4680)

* Delete .github/workflows/scorecard.yml

* Update to use lab app for automation (#4700)

* initial

* UseAppIdUri

* use lab vault

* LabVaultAccessCert

---------

Co-authored-by: Gladwin Johnson <gljohns@microsoft.com>

* Tests should run in headless mode

* Update Selenium dependencies (#4709)

* Update test dependency versions.

* Add no-sandbox Edge argument.

* Fix perf project.

* Fix.

* Remove no-sandbox flag.

---------

Co-authored-by: Travis Walker <travis.walker@microsoft.com>
Co-authored-by: Bogdan Gavril <bogavril@microsoft.com>
Co-authored-by: Gladwin Johnson <90415114+gladjohn@users.noreply.github.com>
Co-authored-by: Neha Bhargava <61847233+neha-bhargava@users.noreply.github.com>
Co-authored-by: trwalke <trwalke@microsoft.com>
Co-authored-by: Gladwin Johnson <gljohns@microsoft.com>

2 participants