mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

Add github token permissions to improve ossf scorecard (#2992)

Browse source 
* Fix autogen issue with cronjob generator and foreach pod generator (#2989)

Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
Signed-off-by: Roee Landesman <roee.landesman@gmail.com>

* Add baseline read-all permissions

Signed-off-by: Roee Landesman <roee.landesman@gmail.com>

* remove extra read-all

Signed-off-by: Roee Landesman <roee.landesman@gmail.com>

* Add arm64 goarch to go releaser (#2991)

Signed-off-by: Roee Landesman <roee.landesman@gmail.com>

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
This commit is contained in:
Roee Landesman 2022-01-15 17:14:22 -08:00 committed by GitHub
parent 4450edc7d3
commit 3e524b5586
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.github/workflows/image.yaml vendored
View file

@ -4,11 +4,12 @@ on:
branches: branches:
- 'main' - 'main'
permissions: read-all
jobs: jobs:
push-init-kyverno: push-init-kyverno:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read
packages: write packages: write
id-token: write id-token: write
steps: steps:
@ -60,7 +61,6 @@ jobs:
push-kyverno: push-kyverno:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read
packages: write packages: write
id-token: write id-token: write
steps: steps:
@ -111,7 +111,6 @@ jobs:
push-kyverno-cli: push-kyverno-cli:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read
packages: write packages: write
id-token: write id-token: write
steps: steps:

6
.github/workflows/release.yaml vendored
View file

@ -3,11 +3,13 @@ on:
push: push:
tags: tags:
- 'v*' - 'v*'
permissions: read-all
jobs: jobs:
release-init-kyverno: release-init-kyverno:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read
packages: write packages: write
id-token: write id-token: write
steps: steps:
@ -76,7 +78,6 @@ jobs:
release-kyverno: release-kyverno:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read
packages: write packages: write
id-token: write id-token: write
steps: steps:
@ -168,7 +169,6 @@ jobs:
release-kyverno-cli: release-kyverno-cli:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read
packages: write packages: write
id-token: write id-token: write
steps: steps: