Restrict the GitHub token permissions to only the required ones; this way, even if attackers succeed in compromising your workflow, they won’t be able to do much. - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
# Manually triggered workflow that calls the shared update-repository
# reusable workflow twice: once per job below, each with its own KEY_ID
# and signing-key secret.
name: Update Repository

# workflow_dispatch only: no push or pull_request trigger is declared, so
# the workflow does not start on contributor-supplied events.
on:
  workflow_dispatch:

# Workflow-level default for GITHUB_TOKEN. Once any scope is listed, every
# scope not listed is set to none, so this grants read access to repository
# contents and nothing else.
permissions:
  contents: read

jobs:
  # No `needs:` is declared on either job, so the two jobs do not depend on
  # each other.
  apt-armbian-com:
    # Job-level override of the workflow default: the token handed to the
    # called workflow carries no repository-contents access. A called
    # workflow can keep or reduce these permissions, never raise them.
    # NOTE(review): presumably the called workflow needs no GITHUB_TOKEN
    # access to this repository - confirm against update-repository.yml.
    permissions:
      contents: none
    # NOTE(review): `@master` is a mutable branch ref, and the called
    # workflow receives the secrets listed below. Anyone able to push to
    # that branch changes the code that handles them. Consider pinning to a
    # full commit SHA, e.g. `...update-repository.yml@<FULL_COMMIT_SHA>`
    # (placeholder), and updating it deliberately.
    uses: armbian/scripts/.github/workflows/update-repository.yml@master

    with:
      KEY_ID: 'repository'

    # Secrets are passed one by one rather than with `secrets: inherit`, so
    # the called workflow sees only these four values.
    secrets:
      KEY_REPOSITORY: ${{ secrets.KEY_REPOSITORY }}
      USER_REPOSITORY: ${{ secrets.USER_REPOSITORY }}
      HOST_REPOSITORY: ${{ secrets.HOST_REPOSITORY }}
      KNOWN_HOSTS_REPOSITORY: ${{ secrets.KNOWN_HOSTS_REPOSITORY }}

  beta-armbian-com:
    # Same token restriction as the job above: no repository-contents access.
    permissions:
      contents: none
    # NOTE(review): same mutable `@master` ref as above; the same pinning
    # consideration applies.
    uses: armbian/scripts/.github/workflows/update-repository.yml@master

    with:
      KEY_ID: 'repository-beta'

    # Only KEY_REPOSITORY differs from the job above (it is read from
    # KEY_REPOSITORY_BETA); user, host and known-hosts secrets are shared.
    secrets:
      KEY_REPOSITORY: ${{ secrets.KEY_REPOSITORY_BETA }}
      USER_REPOSITORY: ${{ secrets.USER_REPOSITORY }}
      HOST_REPOSITORY: ${{ secrets.HOST_REPOSITORY }}
      KNOWN_HOSTS_REPOSITORY: ${{ secrets.KNOWN_HOSTS_REPOSITORY }}