diff --git a/.github/workflows/add-to-project.yml b/.github/workflows/add-to-project.yml index 4ebfac8..de19fa0 100644 --- a/.github/workflows/add-to-project.yml +++ b/.github/workflows/add-to-project.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - id: get-secrets - uses: grafana/shared-workflows/actions/get-vault-secrets@main + uses: grafana/shared-workflows/actions/get-vault-secrets@main # zizmor: ignore[unpinned-uses] with: repo_secrets: | GITHUB_APP_ID=grafana-oss-big-tent:app-id diff --git a/.github/workflows/compatibility-50.yml b/.github/workflows/compatibility-50.yml index 5268d22..db5cd93 100644 --- a/.github/workflows/compatibility-50.yml +++ b/.github/workflows/compatibility-50.yml @@ -1,5 +1,6 @@ name: zabbix_50 run-name: Compatibility with Zabbix 5.0 test +permissions: {} on: push: @@ -13,6 +14,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - uses: actions/setup-go@v5.3.0 diff --git a/.github/workflows/compatibility-60.yml b/.github/workflows/compatibility-60.yml index 874a302..6787898 100644 --- a/.github/workflows/compatibility-60.yml +++ b/.github/workflows/compatibility-60.yml @@ -1,5 +1,6 @@ name: zabbix_60 run-name: Compatibility with Zabbix 6.0 test +permissions: {} on: push: @@ -13,6 +14,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - uses: actions/setup-go@v5.3.0 diff --git a/.github/workflows/compatibility-70.yml b/.github/workflows/compatibility-70.yml index a554d85..a15baa4 100644 --- a/.github/workflows/compatibility-70.yml +++ b/.github/workflows/compatibility-70.yml @@ -1,5 +1,6 @@ name: zabbix_70 run-name: Compatibility with Zabbix 7.0 test +permissions: {} on: push: @@ -13,6 +14,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - uses: actions/setup-go@v5.3.0 diff --git a/.github/workflows/compatibility-72.yml b/.github/workflows/compatibility-72.yml index 3c4b7d0..a9b00ca 100644 --- a/.github/workflows/compatibility-72.yml +++ b/.github/workflows/compatibility-72.yml @@ -1,5 +1,6 @@ name: zabbix_72 run-name: Compatibility with Zabbix 7.2 test +permissions: {} on: push: @@ -13,6 +14,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - uses: actions/setup-go@v5.3.0 diff --git a/.github/workflows/is-compatible.yml b/.github/workflows/is-compatible.yml index 93321de..735915f 100644 --- a/.github/workflows/is-compatible.yml +++ b/.github/workflows/is-compatible.yml @@ -1,11 +1,14 @@ name: Latest Grafana API compatibility check on: [pull_request] +permissions: {} jobs: compatibilitycheck: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - uses: actions/setup-node@v3 with: node-version-file: '.nvmrc' diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 91e4113..ccc7c56 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -1,5 +1,6 @@ name: Plugins - CD run-name: Deploy ${{ inputs.branch }} to ${{ inputs.environment }} by @${{ github.actor }} +permissions: {} on: workflow_dispatch: diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml index 252f37c..ffb878f 100644 --- a/.github/workflows/push.yaml +++ b/.github/workflows/push.yaml @@ -1,4 +1,5 @@ name: Plugins - CI +permissions: {} on: push: