From 93e344e2d7cb9433dd0d1aa89195209ccc469e6a Mon Sep 17 00:00:00 2001
From: Alex
Date: Thu, 8 Dec 2022 20:29:33 +0200
Subject: [PATCH 1/2] build: harden nodejs-test.yml permissions

Signed-off-by: Alex
---
 .github/workflows/nodejs-test.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/nodejs-test.yml b/.github/workflows/nodejs-test.yml
index 44b583c5..184339fe 100644
--- a/.github/workflows/nodejs-test.yml
+++ b/.github/workflows/nodejs-test.yml
@@ -11,6 +11,9 @@ env:
 FORCE_COLOR: 2
 NODE_COV: lts/* # The Node.js version to run coveralls on
 
+permissions:
+ contents: read # to fetch code (actions/checkout)
+
 jobs:
 lint:
 runs-on: ubuntu-latest
@@ -24,6 +27,10 @@ jobs:
 - run: npm run lint
 
 test:
+ permissions:
+ contents: read # to fetch code (actions/checkout)
+ checks: write # to create new checks (coverallsapp/github-action)
+
 name: Node ${{ matrix.node }}
 runs-on: ubuntu-latest
 
From b3d085ec2c4ffff7ea97923d3b4f381dcfe251e6 Mon Sep 17 00:00:00 2001
From: sashashura
Date: Thu, 8 Dec 2022 21:01:15 +0100
Subject: [PATCH 2/2] Fix prettier

---
 .github/workflows/nodejs-test.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/nodejs-test.yml b/.github/workflows/nodejs-test.yml
index 184339fe..09163795 100644
--- a/.github/workflows/nodejs-test.yml
+++ b/.github/workflows/nodejs-test.yml
@@ -12,7 +12,7 @@ env:
 NODE_COV: lts/* # The Node.js version to run coveralls on
 
 permissions:
- contents: read # to fetch code (actions/checkout)
+ contents: read # to fetch code (actions/checkout)
 
 jobs:
 lint:
@@ -28,8 +28,8 @@ jobs:
 
 test:
 permissions:
- contents: read # to fetch code (actions/checkout)
- checks: write # to create new checks (coverallsapp/github-action)
+ contents: read # to fetch code (actions/checkout)
+ checks: write # to create new checks (coverallsapp/github-action)
 
 name: Node ${{ matrix.node }}
 runs-on: ubuntu-latest
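Review bot: The workflow-level `permissions` block added in the `@@ -11,6 +11,9 @@` hunk of patch 1/2 reaches `lint` only by inheritance, and nothing in the file records that a job-level block replaces it rather than merging with it. A maintainer who later gives a job just `checks: write` would leave `contents` set to none for that job without any warning. I would extend the comment on the top-level block, e.g. `# default for every job; a job-level permissions block replaces this, it does not merge`. The steps of `lint` lie outside the hunk, so this assumes that job needs nothing beyond checkout.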
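Review bot: In the `@@ -24,6 +27,10 @@` hunk of patch 1/2, `checks: write` is granted to the whole `test` job, so every step in every matrix entry runs under a token that can write checks, not only the coverage upload. The job's steps are outside the hunk, but if it uses actions/checkout with its default credential persistence, that token is also left in the local git config where dependency install and test scripts can read it. Consider setting `persist-credentials: false` on the checkout step, or moving the coveralls upload into a separate job that alone carries `checks: write` while `test` keeps only `contents: read`. It is also worth confirming against the coveralls action's documentation that `checks: write` is the scope it actually requires.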