
github actions: Fix token permissions

Open illume opened this issue 1 month ago • 0 comments

The check on the headlamp OpenSSF scorecard identifies some actions we need to limit the token permissions for.


We already made some fixes for this recently, but there are still some problems. See more details on this topic here: https://github.com/ossf/scorecard/blob/7ce8609469289d5f3b1bf5ee3122f42b4e3054fb/docs/checks.md#token-permissions

Warn: jobLevel 'contents' permission set to 'write': .github/workflows/app-artifacts-linux.yml:19
Warn: jobLevel 'actions' permission set to 'write': .github/workflows/app-artifacts-linux.yml:18
Info: jobLevel 'contents' permission set to 'read': .github/workflows/app-artifacts-mac.yml:22
Warn: jobLevel 'actions' permission set to 'write': .github/workflows/app-artifacts-mac.yml:23
Info: jobLevel 'contents' permission set to 'read': .github/workflows/app-artifacts-mac.yml:72
Warn: jobLevel 'actions' permission set to 'write': .github/workflows/app-artifacts-mac.yml:146
Info: jobLevel 'contents' permission set to 'read': .github/workflows/app-artifacts-mac.yml:147
Info: jobLevel 'contents' permission set to 'read': .github/workflows/app-artifacts-win.yml:22
Warn: jobLevel 'actions' permission set to 'write': .github/workflows/app-artifacts-win.yml:23
Warn: jobLevel 'actions' permission set to 'write': .github/workflows/build-container.yml:26
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/draft-release.yml:17
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/helm-chart-release.yml:21
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/pr-to-update-chart.yml:21
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/pr-to-update-homebrew.yml:17
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/pr-to-update-minikube.yml:22
Info: topLevel 'contents' permission set to 'read': .github/workflows/app-artifacts-linux.yml:12
Info: topLevel 'contents' permission set to 'read': .github/workflows/app-artifacts-mac.yml:16
Info: topLevel 'contents' permission set to 'read': .github/workflows/app-artifacts-win.yml:16
Info: topLevel 'contents' permission set to 'read': .github/workflows/app.yml:22
Info: topLevel 'contents' permission set to 'read': .github/workflows/backend-test.yml:9
Info: topLevel 'contents' permission set to 'read': .github/workflows/backend.yml:17
Info: topLevel 'contents' permission set to 'read': .github/workflows/build-container.yml:19
Info: topLevel 'contents' permission set to 'read': .github/workflows/container-publish.yml:17
Info: topLevel 'contents' permission set to 'read': .github/workflows/docker-extension-release.yml:10
Info: topLevel 'contents' permission set to 'read': .github/workflows/draft-release.yml:12
Info: topLevel 'contents' permission set to 'read': .github/workflows/frontend.yml:22
Info: topLevel 'contents' permission set to 'read': .github/workflows/helm-chart-lint-test.yml:10
Info: topLevel 'contents' permission set to 'read': .github/workflows/helm-chart-release.yml:16
Info: topLevel 'contents' permission set to 'read': .github/workflows/helm-chart-template-test.yml:10
Info: topLevel 'contents' permission set to 'read': .github/workflows/pr-to-update-chart.yml:12
Warn: no topLevel permission defined: .github/workflows/pr-to-update-homebrew.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/pr-to-update-minikube.yml:13
Warn: no topLevel permission defined: .github/workflows/pr-to-update-winget.yml:1
Info: topLevel permissions set to 'read-all': .github/workflows/scorecard-analysis.yml:13
Info: topLevel 'contents' permission set to 'read': .github/workflows/trigger-flatpak-update.yml:11

illume · Jun 27 '24 10:06
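A small checker that reproduces the style of the scorecard findings above, added here as an illustration and not code from the Headlamp project or OpenSSF Scorecard. It assumes each workflow has already been loaded with a YAML parser (for example PyYAML's `yaml.safe_load`) into the nested dict shape used below; the two workflows are constructed, and any `write` scope at job level is flagged, which is a simplification of the scorecard's own rules.

```python
# Added example (not Headlamp or Scorecard code): flag GITHUB_TOKEN permission
# settings in a workflow dict the way the scorecard output in this issue does.
# The dict is the shape yaml.safe_load produces for a workflow file.

WRITE_ALL = "write-all"


def _scope_findings(level, perms):
    """Yield (severity, message) for one permissions block (top or job level)."""
    if perms is None:
        # No block at all: the token gets the repository's default permissions.
        yield "Warn", f"no {level} permission defined"
    elif isinstance(perms, str):
        # Shorthand form: 'read-all' is fine, 'write-all' is the broadest grant.
        sev = "Warn" if perms == WRITE_ALL else "Info"
        yield sev, f"{level} permissions set to '{perms}'"
    elif not perms:
        # 'permissions: {}' disables every scope for the token.
        yield "Info", f"{level} permissions disabled (empty block)"
    else:
        for scope, access in perms.items():
            sev = "Warn" if access == "write" else "Info"
            yield sev, f"{level} '{scope}' permission set to '{access}'"


def check_workflow(path, wf):
    """Return scorecard-style lines ('Warn: ...: path') for one workflow dict."""
    lines = []
    for sev, msg in _scope_findings("topLevel", wf.get("permissions")):
        lines.append(f"{sev}: {msg}: {path}")
    for job in wf.get("jobs", {}).values():
        if "permissions" in job:  # jobs without a block inherit the top level
            for sev, msg in _scope_findings("jobLevel", job["permissions"]):
                lines.append(f"{sev}: {msg}: {path}")
    return lines


def warnings(path, wf):
    """Only the findings that need action."""
    return [line for line in check_workflow(path, wf) if line.startswith("Warn")]


# Constructed "before": no top-level block, a job with broad write grants.
BEFORE = {"jobs": {"release": {"permissions": {"contents": "write", "actions": "write"}}}}
# Constructed "after": read-only default, job keeps only the scope it needs.
AFTER = {"permissions": {"contents": "read"},
         "jobs": {"release": {"permissions": {"contents": "write"}}}}

if __name__ == "__main__":
    for path, wf in (("before.yml", BEFORE), ("after.yml", AFTER)):
        print("\n".join(check_workflow(path, wf)))
```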