From d895b8220126988094c07489a093244afc12fbcb Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Sun, 21 Apr 2024 20:49:47 +0200 Subject: [PATCH 1/2] Actions: Allow manual trigger --- .github/workflows/clang-format.yml | 1 + .github/workflows/linux-mingw.yml | 1 + .github/workflows/windows-msvc.yml | 1 + 3 files changed, 3 insertions(+) diff --git a/.github/workflows/clang-format.yml b/.github/workflows/clang-format.yml index 722bad0..a1e4302 100644 --- a/.github/workflows/clang-format.yml +++ b/.github/workflows/clang-format.yml @@ -22,6 +22,7 @@ on: push: schedule: - cron: '0 2 * * 5' # Every Friday at 2am + workflow_dispatch: jobs: clang-format: diff --git a/.github/workflows/linux-mingw.yml b/.github/workflows/linux-mingw.yml index e6bba8b..4ab928e 100644 --- a/.github/workflows/linux-mingw.yml +++ b/.github/workflows/linux-mingw.yml @@ -22,6 +22,7 @@ on: push: schedule: - cron: '0 2 * * 5' # Every Friday at 2am + workflow_dispatch: jobs: linux-mingw: diff --git a/.github/workflows/windows-msvc.yml b/.github/workflows/windows-msvc.yml index 55201e0..f339a6c 100644 --- a/.github/workflows/windows-msvc.yml +++ b/.github/workflows/windows-msvc.yml @@ -22,6 +22,7 @@ on: push: schedule: - cron: '0 2 * * 5' # Every Friday at 2am + workflow_dispatch: jobs: windows-msvc: From ccefcc55de7cede16bf9d916b70fd94f8c72487c Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Sun, 21 Apr 2024 20:50:24 +0200 Subject: [PATCH 2/2] Actions: Drop CI permissions for security --- .github/workflows/clang-format.yml | 4 ++++ .github/workflows/linux-mingw.yml | 4 ++++ .github/workflows/windows-msvc.yml | 4 ++++ 3 files changed, 12 insertions(+) diff --git a/.github/workflows/clang-format.yml b/.github/workflows/clang-format.yml index a1e4302..a6dde02 100644 --- a/.github/workflows/clang-format.yml +++ b/.github/workflows/clang-format.yml @@ -17,6 +17,10 @@ name: Enforce clang-format +# Drop permissions to minimum, for security +permissions: + contents: read + on: pull_request: push: diff --git a/.github/workflows/linux-mingw.yml b/.github/workflows/linux-mingw.yml index 4ab928e..2daa76c 100644 --- a/.github/workflows/linux-mingw.yml +++ b/.github/workflows/linux-mingw.yml @@ -17,6 +17,10 @@ name: Build on Linux +# Drop permissions to minimum, for security +permissions: + contents: read + on: pull_request: push: diff --git a/.github/workflows/windows-msvc.yml b/.github/workflows/windows-msvc.yml index f339a6c..1bbb80e 100644 --- a/.github/workflows/windows-msvc.yml +++ b/.github/workflows/windows-msvc.yml @@ -17,6 +17,10 @@ name: Build on Windows +# Drop permissions to minimum, for security +permissions: + contents: read + on: pull_request: push: