Merge branch 'v10/dev' into v11/dev

2022-09-20 09:13:22 +02:00
parent db5d05d641 8d5fb41ab7
commit 40035aa629
68 changed files with 1002 additions and 720 deletions
--- a/.github/workflows/add-issues-to-review-project.yml
+++ b/.github/workflows/add-issues-to-review-project.yml
@@ -5,6 +5,9 @@ on:
    types:
      - opened

+permissions:
+  contents: read
+
 jobs:
  get-user-type:
    runs-on: ubuntu-latest
@@ -43,6 +46,8 @@ jobs:
            core.setOutput("ignored", isIgnoredUser);
            console.log("Ignored is", isIgnoredUser);
  add-to-project:
+    permissions:
+      repository-projects: write # for actions/add-to-project
    if: needs.get-user-type.outputs.ignored == 'false'
    runs-on: ubuntu-latest
    needs: [get-user-type]
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -7,9 +7,16 @@ on:
    # The branches below must be a subset of the branches above
    branches: ['*/dev','*/contrib']

+permissions:
+  contents: read
+
 jobs:
  CodeQL-Build:

+    permissions:
+      actions: read  # for github/codeql-action/init to get workflow details
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/analyze to upload SARIF results
    runs-on: ubuntu-latest
    permissions:
      actions: read