Added permissions to github actions

Jan Böhmer 2025-08-30 22:15:09 +02:00
parent 80482f7294
commit 5238be1460
5 changed files with 22 additions and 7 deletions


@ -1,5 +1,8 @@
name: Build assets artifact name: Build assets artifact
permissions:
contents: read
on: on:
push: push:
branches: branches:


@ -1,5 +1,8 @@
name: Docker Image Build name: Docker Image Build
permissions:
contents: read
on: on:
#schedule: #schedule:
# - cron: '0 10 * * *' # everyday at 10am # - cron: '0 10 * * *' # everyday at 10am
@ -73,4 +76,4 @@ jobs:
tags: ${{ steps.docker_meta.outputs.tags }} tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }} labels: ${{ steps.docker_meta.outputs.labels }}
cache-from: type=gha cache-from: type=gha
cache-to: type=gha,mode=max cache-to: type=gha,mode=max
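Review bot: The workflow-level `permissions:` block added at the top sets every GITHUB_TOKEN scope other than `contents: read` to none, so any job step that uses the token for more than checkout will now fail with an authorization error. The only steps visible here are the `cache-from`/`cache-to: type=gha` lines, which as far as I know authenticate with the runner's cache token rather than GITHUB_TOKEN, but the registry login and push steps lie outside the hunks shown. If an image is pushed to ghcr.io with GITHUB_TOKEN, that job needs `packages: write` granted at job level rather than widening the workflow default. The same check applies to the FrankenPHP workflow's identical change. A comment above the block, e.g. `# Least privilege: GITHUB_TOKEN is read-only by default; grant extra scopes per job`, would record the intent for later edits.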


@ -1,5 +1,8 @@
name: Docker Image Build (FrankenPHP) name: Docker Image Build (FrankenPHP)
permissions:
contents: read
on: on:
#schedule: #schedule:
# - cron: '0 10 * * *' # everyday at 10am # - cron: '0 10 * * *' # everyday at 10am
@ -74,4 +77,4 @@ jobs:
tags: ${{ steps.docker_meta.outputs.tags }} tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }} labels: ${{ steps.docker_meta.outputs.labels }}
cache-from: type=gha cache-from: type=gha
cache-to: type=gha,mode=max cache-to: type=gha,mode=max


@ -1,5 +1,8 @@
name: Static analysis name: Static analysis
permissions:
contents: read
on: on:
push: push:
branches: branches:
@ -30,20 +33,20 @@ jobs:
id: composer-cache id: composer-cache
run: | run: |
echo "::set-output name=dir::$(composer config cache-files-dir)" echo "::set-output name=dir::$(composer config cache-files-dir)"
- uses: actions/cache@v4 - uses: actions/cache@v4
with: with:
path: ${{ steps.composer-cache.outputs.dir }} path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: | restore-keys: |
${{ runner.os }}-composer- ${{ runner.os }}-composer-
- name: Install dependencies - name: Install dependencies
run: composer install --prefer-dist --no-progress run: composer install --prefer-dist --no-progress
- name: Lint config files - name: Lint config files
run: ./bin/console lint:yaml config --parse-tags run: ./bin/console lint:yaml config --parse-tags
- name: Lint twig templates - name: Lint twig templates
run: ./bin/console lint:twig templates --env=prod run: ./bin/console lint:twig templates --env=prod
@ -53,13 +56,13 @@ jobs:
- name: Check dependencies for security - name: Check dependencies for security
uses: symfonycorp/security-checker-action@v5 uses: symfonycorp/security-checker-action@v5
- name: Check doctrine mapping - name: Check doctrine mapping
run: ./bin/console doctrine:schema:validate --skip-sync -vvv --no-interaction run: ./bin/console doctrine:schema:validate --skip-sync -vvv --no-interaction
# Use the -d option to raise the max nesting level # Use the -d option to raise the max nesting level
- name: Generate dev container - name: Generate dev container
run: php -d xdebug.max_nesting_level=1000 ./bin/console cache:clear --env dev run: php -d xdebug.max_nesting_level=1000 ./bin/console cache:clear --env dev
- name: Run PHPstan - name: Run PHPstan
run: composer phpstan run: composer phpstan
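Review bot: The step with `id: composer-cache` in the second hunk still writes its output with the deprecated `::set-output` workflow command, which GitHub retired in favour of environment files because stdout-based commands can be triggered by untrusted data that reaches the log. Since these lines are touched by the commit anyway, switch to `echo "dir=$(composer config cache-files-dir)" >> "$GITHUB_OUTPUT"`. In the same hardening spirit, `symfonycorp/security-checker-action@v5` in the last hunk is a third-party action referenced by a movable tag; pinning it as `uses: symfonycorp/security-checker-action@<full-commit-sha> # v5` keeps a retagged release from running with this job's token. The jobs containing these steps start and end outside the hunks shown.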


@ -1,5 +1,8 @@
name: PHPUnit Tests name: PHPUnit Tests
permissions:
contents: read
on: on:
push: push:
branches: branches: