Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Limit GH workflow permissions #2286

Merged
merged 13 commits into from
Mar 3, 2025
Merged

chore: Limit GH workflow permissions #2286

merged 13 commits into from
Mar 3, 2025

Conversation

c-pius
Copy link
Contributor

@c-pius c-pius commented Feb 28, 2025
edited
Loading

Description

Changes proposed in this pull request:

  • removes the permissions from all GH workflows except for the ones explicitly requiring permissions, those limited to the minimum
    • permissions: { } disables all permissions for the workflow
  • changes PR Title Lint and Package Dependency Report trigger from pull_request_target to pull_request
  • note that the permissions for the remaining pull_request_target workflows (Check If Manifests Change, Check Pipeline Changes) still show the full write permissions
    • has been tested with a separate junk PR
    • the reduce permissions take effect once this is merged

Related issue(s)

@c-pius c-pius requested a review from a team as a code owner February 28, 2025 12:27
@kyma-bot kyma-bot added cla: yes Indicates the PR's author has signed the CLA. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Feb 28, 2025
@c-pius c-pius requested a review from a team as a code owner February 28, 2025 12:36
@c-pius c-pius changed the base branch from main to junk/test-wf-permissions-limiting February 28, 2025 12:36
@c-pius c-pius changed the title chore: Limit GH workflow permissions junk: Limit GH workflow permissions Feb 28, 2025
@c-pius c-pius changed the title junk: Limit GH workflow permissions chore: Limit GH workflow permissions Feb 28, 2025
@c-pius c-pius changed the base branch from junk/test-wf-permissions-limiting to main February 28, 2025 13:12
@kyma-bot kyma-bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Feb 28, 2025
@c-pius c-pius closed this Feb 28, 2025
@c-pius c-pius reopened this Feb 28, 2025
@github-actions GitHub Actions

This comment was marked as outdated.

Sign in to view
@github-actions GitHub Actions

This comment was marked as outdated.

Sign in to view
@kyma-bot kyma-bot added the lgtm Looks good to me! label Mar 3, 2025
@c-pius c-pius merged commit 79d95f3 into kyma-project:main Mar 3, 2025
142 checks passed
@c-pius c-pius deleted the chore/limit-workflow-permissions branch March 3, 2025 08:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nesmabadr nesmabadr nesmabadr approved these changes

Assignees

@nesmabadr nesmabadr

Labels
cla: yes Indicates the PR's author has signed the CLA. lgtm Looks good to me! pipeline-changed size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Check required permissions for GH actions
3 participants
@c-pius @nesmabadr @kyma-bot