
chore: Be stricter on action permissions #37

Workflow file for this run

# Pull-request checks: typos, actionlint and Ruby Standard.
#
# Conventions used throughout this file:
#   - every action is pinned to a full commit SHA; the trailing comment records
#     the release tag that SHA was taken from and must be updated with the pin
#   - every job starts with Harden Runner so the egress allow-list is in place
#     before any other step runs
name: Reviewdog

on:
  pull_request:

# Workflow-wide default: the GITHUB_TOKEN is granted no scopes. Each job below
# declares the scopes it needs in its own `permissions` block.
permissions: {}

jobs:
  typos:
    name: Typos
    # Skip the job when the triggering pull_request activity is `closed`.
    if: ${{ github.event.action != 'closed' }}
    runs-on: ubuntu-22.04
    permissions:
      contents: read
      # NOTE(review): presumably required for the linter to post its findings
      # on the pull request; confirm against the action's documentation.
      pull-requests: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
        with:
          egress-policy: block
          disable-sudo: true
          # Folded scalar: the lines below are joined into one space-separated
          # list of host:port pairs. Anything not listed is blocked.
          allowed-endpoints: >
            api.github.com:443
            github.com:443
            objects.githubusercontent.com:443
            raw.githubusercontent.com:443
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # Do not leave the job token in the checkout's git configuration,
          # where later steps could read it.
          persist-credentials: false
      - uses: reviewdog/action-typos@2d77b519f5787ca723660c00f9bc82d61b63f5fe # v1.16.0

  actionlint:
    name: Actionlint
    # Skip the job when the triggering pull_request activity is `closed`.
    if: ${{ github.event.action != 'closed' }}
    runs-on: ubuntu-22.04
    permissions:
      contents: read
      # NOTE(review): presumably required for the linter to post its findings
      # on the pull request; confirm against the action's documentation.
      pull-requests: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
        with:
          egress-policy: block
          disable-sudo: true
          # Narrower allow-list than the other jobs: only the two GitHub hosts.
          allowed-endpoints: >
            api.github.com:443
            github.com:443
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # Do not leave the job token in the checkout's git configuration,
          # where later steps could read it.
          persist-credentials: false
      - uses: reviewdog/action-actionlint@db58217885f9a6570da9c71be4e40ec33fe44a1f # v1.65.0

  standardrb:
    name: 'Ruby: Standard'
    # Skip the job when the triggering pull_request activity is `closed`.
    if: ${{ github.event.action != 'closed' }}
    runs-on: ubuntu-22.04
    permissions:
      contents: read
      # NOTE(review): presumably required for the linter to post its findings
      # on the pull request; confirm against the action's documentation.
      pull-requests: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
        with:
          egress-policy: block
          disable-sudo: true
          # Same GitHub hosts as the typos job, plus the two RubyGems hosts
          # needed to resolve and download gems.
          allowed-endpoints: >
            api.github.com:443
            github.com:443
            index.rubygems.org:443
            objects.githubusercontent.com:443
            raw.githubusercontent.com:443
            rubygems.org:443
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # Do not leave the job token in the checkout's git configuration,
          # where later steps could read it.
          persist-credentials: false
      - uses: ruby/setup-ruby@277ba2a127aba66d45bad0fa2dc56f80dbfedffa # v1.222.0
        with:
          # Quoted so the version stays a string rather than a float.
          ruby-version: '3.3'
          # NOTE(review): this installs the bundle from the checked-out tree,
          # so a pull request that edits the Gemfile decides which gems are
          # installed in a job holding pull-requests: write. The egress
          # allow-list above is the main containment; review Gemfile changes
          # accordingly.
          bundler-cache: true
      - uses: kirillplatonov/action-standard@ce7fc0be158421b01e5d9dc20eef1dcabcf18e4b # v1.0.1
        with:
          # NOTE(review): presumably makes the action reuse the gems installed
          # by setup-ruby instead of installing its own; confirm against the
          # action's inputs.
          skip_install: true
          use_bundler: true