From 7e1770e35545990d4d28a61891c9287a1a379640 Mon Sep 17 00:00:00 2001
From: Frazer Smith
Date: Fri, 9 Jun 2023 17:46:23 +0100
Subject: [PATCH 1/2] ci(validate-workflows-files): restrict job permissions; only run on workflow changes
---
 .../workflows/validate-workflows-files.yml | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/validate-workflows-files.yml b/.github/workflows/validate-workflows-files.yml
index 4dd5a40..7f12b3d 100644
--- a/.github/workflows/validate-workflows-files.yml
+++ b/.github/workflows/validate-workflows-files.yml
@@ -1,12 +1,23 @@
 name: Validate workflows files
-on: [ push, pull_request ]
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - '.github/workflows/**'
+ pull_request:
+ paths:
+ - '.github/workflows/**'
 jobs:
 validate:
- runs-on: ubuntu-22.04
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
 steps:
- - name: Checkout
- uses: actions/checkout@v3
+ - uses: actions/checkout@v3
+ with:
+ persist-credentials: false
 - name: Install action-validator with asdf
 uses: asdf-vm/actions/install@v2
From 5f169ac2200d48068777b7b2631737017b2b904a Mon Sep 17 00:00:00 2001
From: Frazer Smith
Date: Fri, 9 Jun 2023 17:51:44 +0100
Subject: [PATCH 2/2] ci(validate-workflows-files): sigh
---
 .github/workflows/validate-workflows-files.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/validate-workflows-files.yml b/.github/workflows/validate-workflows-files.yml
index 7f12b3d..8f24df8 100644
--- a/.github/workflows/validate-workflows-files.yml
+++ b/.github/workflows/validate-workflows-files.yml
@@ -4,10 +4,10 @@ on:
 branches:
 - main
 paths:
- - '.github/workflows/**'
+ - '.github/workflows/*.yml'
 pull_request:
 paths:
- - '.github/workflows/**'
+ - '.github/workflows/*.yml'
 jobs:
 validate:
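Review bot: In PATCH 1/2 the rewritten checkout step still references `actions/checkout@v3` by a mutable tag, and the unchanged `asdf-vm/actions/install@v2` step below it does the same for a third-party action, so the code this job executes can change without any change to this repository. The commit already tightens the job with `contents: read` and `persist-credentials: false`; pinning both actions to a full commit SHA with the tag kept as a trailing comment would close the remaining gap, e.g. `uses: actions/checkout@<full-commit-sha> # v3`. The switch from `ubuntu-22.04` to `ubuntu-latest` moves the other way on reproducibility, since the runner image will change whenever GitHub retargets the label. The steps list continues outside the hunk.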
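Review bot: In PATCH 2/2, narrowing both `paths` filters to `'.github/workflows/*.yml'` means a workflow file added or edited with the `.yaml` extension, which GitHub Actions also loads, no longer triggers this validation on push or pull request. If the filter is meant to cover every workflow file, add a second entry under each `paths` list: `- '.github/workflows/*.yaml'`. The subject line gives no reason for dropping `**`, so a one-line comment above the `push` filter saying what the broader glob broke would help the next reader.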