Elgato_dark/podman-desktop
1
0
Fork 0
mirror of https://github.com/podman-desktop/podman-desktop synced 2026-04-21 17:47:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

ci: Harden GitHub Actions

Browse source 
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
This commit is contained in:
StepSecurity Bot 2025-04-11 08:18:02 +00:00 committed by Florent BENOIT
parent 5175c7d9fd
commit c2ab279987
9 changed files with 35 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.github/workflows/argos.yaml vendored
View file

@ -39,6 +39,9 @@ on:
- 'website/**'
- 'website-argos/**'
permissions:
contents: read
jobs:
take-screenshots:
name: take screenshots

3
.github/workflows/codecov-next.yaml vendored
View file

@ -23,6 +23,9 @@ on:
branches:
- main
permissions:
contents: read
jobs:
codecov:
name: Run tests and push coverage result

3
.github/workflows/merge-group.yaml vendored
View file

@ -19,6 +19,9 @@ name: merge-queue
on:
merge_group:
permissions:
contents: read
jobs:
dco:
name: DCO

5
.github/workflows/publish-flathub.yaml vendored
View file

@ -26,9 +26,14 @@ on:
repository_dispatch:
types: [ publish-to-flathub ]
permissions:
contents: read
jobs:
update-flathub:
permissions:
contents: write # for Git to git push
name: Publish Podman Desktop to flathub
runs-on: ubuntu-24.04
steps:

3
.github/workflows/publish-to-brew.yaml vendored
View file

@ -26,6 +26,9 @@ on:
repository_dispatch:
types: [ publish-to-brew ]
permissions:
contents: read
jobs:
publish-to-brew:

5
.github/workflows/publish-to-chocolatey.yaml vendored
View file

@ -30,6 +30,9 @@ on:
repository_dispatch:
types: [ publish-to-chocolatey ]
permissions:
contents: read
jobs:
version:
@ -56,6 +59,8 @@ jobs:
echo "desktopVersion=$version" >> ${GITHUB_OUTPUT}
winget-bump:
permissions:
contents: write # for Git to git push
name: Update Chocolatey
needs: version
runs-on: windows-2022

5
.github/workflows/publish-to-podman_io.yaml vendored
View file

@ -21,11 +21,16 @@ on:
workflow_dispatch:
inputs:
version:
permissions:
contents: write # for Git to git push
description: 'release version like 1.1.0'
required: true
repository_dispatch:
types: [ publish-to-podman_io ]
permissions:
contents: read
jobs:
version:

3
.github/workflows/publish-to-winget.yaml vendored
View file

@ -26,6 +26,9 @@ on:
repository_dispatch:
types: [ publish-to-winget ]
permissions:
contents: read
jobs:
version:

5
.github/workflows/website-next.yaml vendored
View file

@ -32,8 +32,13 @@ on:
env:
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
permissions:
contents: read
jobs:
deploy:
permissions:
contents: write # for peaceiris/actions-gh-pages to push pages branch
name: Build and deploy website
runs-on: ubuntu-24.04
timeout-minutes: 60