archive-gh-me/gopass
1
0
Fork 0
mirror of https://github.com/gopasspw/gopass.git synced 2025-12-08 19:24:54 +00:00
Code Issues Projects Releases Wiki Activity
1,536 Commits 20 Branches 99 Tags
Commit Graph

9 Commits

Author SHA1 Message Date
nathannaveen
811d42af20
Set permissions for GitHub actions (#2189) 
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>

Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
Co-authored-by: Dominik Schulz <dominik.schulz@gauner.org>
 2022-12-01 10:42:49 +01:00
Dominik Schulz
e9b365a455
Use different concurrency groups for different workflows (#2365) 
See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#concurrency

RELEASE_NOTES=n/a

Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>

Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
 2022-09-28 22:57:41 +02:00
dependabot[bot]
78e67e2954
Bump github/codeql-action from 1 to 2 (#2198) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-26 09:47:29 +02:00
Yolan Romailler
c3f1a901e5
Adding concurrency to GHA (#2194) 
RELEASE_NOTES=n/a

Signed-off-by: Yolan Romailler <anomalroil@users.noreply.github.com>
 2022-04-20 22:28:57 +02:00
dependabot[bot]
57be868333
Bump actions/checkout from 2.4.0 to 3 (#2148) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.4.0...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-02 09:29:53 +01:00
dependabot[bot]
b490c57e97
Bump actions/checkout from 2.3.5 to 2.4.0 (#2021) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.5 to 2.4.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.5...v2.4.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-11-03 06:27:01 +01:00
dependabot[bot]
8908d02b7c
Bump actions/checkout from 2.3.4 to 2.3.5 (#2013) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.4 to 2.3.5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.4...v2.3.5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-10-18 20:29:00 +02:00
dependabot[bot]
370dda1522
Bump actions/checkout from 2 to 2.3.4 (#1924) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 2.3.4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v2.3.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-12 21:13:59 +02:00
Dominik Schulz
57f7c2cdf4
Create codeql-analysis.yml 2021-01-20 21:18:41 +01:00