Restrict permissions and pin "uses:"

pull/565/head^2
probonopd 4 months ago committed by GitHub
parent 3b033db4af
commit dd5459eece
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 8
      .github/workflows/pr-comment.yml

@ -12,10 +12,16 @@ jobs:
name: Add artifact links to PR and issues name: Add artifact links to PR and issues
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
# Restrict permissions for the GITHUB_TOKEN, https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
permissions:
issues: write
pull-requests: write
actions: read
steps: steps:
- name: Add artifact links to PR and issues - name: Add artifact links to PR and issues
if: github.event.workflow_run.event == 'pull_request' if: github.event.workflow_run.event == 'pull_request'
uses: tonyhallett/artifacts-url-comments@v1.1.0 uses: tonyhallett/artifacts-url-comments@0965ff1a7ae03c5c1644d3c30f956effea4e05ef # v1.1.0
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with: with:
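Review bot: The new `permissions:` block lists three scopes, but the comment above it only links to the docs, so a later maintainer cannot tell why each scope is needed. Annotate each one, for example `actions: read  # read artifacts of the triggering workflow_run` and `pull-requests: write  # post artifact links on the PR`, after confirming the reasons against what the action actually calls. This matters because the `if:` on `github.event.workflow_run.event` suggests the job is triggered by `workflow_run`, where the token is issued in the base repository's context even when the triggering run came from a fork pull request. The SHA on the `uses:` line is tied to v1.1.0 only by its trailing comment, so check the commit against the upstream tag before merging, and consider a Dependabot `github-actions` entry so the pin is updated rather than left to go stale. The step continues past the last visible line (`with:`), so its inputs were not reviewed.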
