Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Set permissions for GitHub actions #10816

Merged
merged 1 commit into from
Jul 3, 2022
Merged

chore: Set permissions for GitHub actions #10816

merged 1 commit into from
Jul 3, 2022

Conversation

naveensrinivasan
Copy link
Contributor

@naveensrinivasan
chore: Set permissions for GitHub actions
a4ac043 
 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
@rust-highfive
Copy link

Thanks for the pull request, and welcome! The Rust team is excited to review your changes, and you should hear from @ehuss (or someone else) soon.

Please see the contribution instructions for more information.

@rust-highfive rust-highfive added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Jul 3, 2022
@epage
Copy link
Contributor

epage commented Jul 3, 2022

@bors r+

@bors
Copy link
Contributor

bors commented Jul 3, 2022

📌 Commit a4ac043 has been approved by epage

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Jul 3, 2022
@bors
Copy link
Contributor

bors commented Jul 3, 2022

⌛ Testing commit a4ac043 with merge 64c803f...

@bors
Copy link
Contributor

bors commented Jul 3, 2022

☀️ Test successful - checks-actions
Approved by: epage
Pushing 64c803f to master...

@bors bors merged commit 64c803f into rust-lang:master Jul 3, 2022
@ehuss ehuss mentioned this pull request Jul 5, 2022
Merged
bors added a commit to rust-lang-ci/rust that referenced this pull request Jul 5, 2022
@bors
Auto merge of rust-lang#98954 - ehuss:update-cargo, r=ehuss
7b46aa5 
Update cargo

9 commits in dbff32b27893b899ae2397f3d56d1be111041d56..c0bbd42ce5e83fe2a93e817c3f9b955492d3130a
2022-06-24 19:25:13 +0000 to 2022-07-03 13:41:11 +0000
- fix typo (rust-lang/cargo#10818)
- fix(add): Don't panic with `--offline` (rust-lang/cargo#10817)
- chore: Set permissions for GitHub actions (rust-lang/cargo#10816)
- Bump to 0.65.0, update changelog (rust-lang/cargo#10812)
- Fix zsh completions for add and locate-project (rust-lang/cargo#10810)
- Bump cargo-util version. (rust-lang/cargo#10804)
- Update os_info (rust-lang/cargo#10802)
- Fix deserialization of check-cfg in config.toml (rust-lang/cargo#10799)
- fix: bash complete `install --path` with dirs (rust-lang/cargo#10798)
@ehuss ehuss added this to the 1.64.0 milestone Jul 20, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@ehuss ehuss

Labels
S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion.
Projects
None yet
Milestone
1.64.0
Development

Successfully merging this pull request may close these issues.
5 participants
@naveensrinivasan @rust-highfive @epage @bors @ehuss