Configure workflow permissions and enable CodeQL analysis

Andy Wilkinson 2025-06-25 15:59:48 +01:00
parent 49fdc31532
commit 6ac842b3e8
8 changed files with 30 additions and 1 deletions


@ -4,6 +4,8 @@ on:
push:
branches:
- '3.4.x'
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
jobs:
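Review bot: Nothing next to the new workflow-level `permissions:` block records that `contents: read` is now the ceiling for every job without a `permissions` block of its own. A one-line comment above it, such as `# Least-privilege default; a job that needs more declares its own permissions`, would stop a later job from failing unexpectedly and discourage widening the default instead of scoping the job. The same applies to the identical additions in the other workflow hunks on this page. The jobs start after each hunk, so whether an existing step (notably in the tag-triggered release workflows) relied on a write scope from the previous default is not visible here and is worth confirming.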


@ -3,6 +3,8 @@ on:
push:
branches:
- '3.4.x'
permissions:
contents: read
jobs:
ci:
name: '${{ matrix.os.name}} | Java ${{ matrix.java.version}}'


@ -15,6 +15,8 @@ on:
description: 'Version to bundle and distribute'
required: true
type: string
permissions:
contents: read
jobs:
distribute-spring-enterprise-release-bundle:
runs-on: ${{ vars.UBUNTU_SMALL || 'ubuntu-latest' }}


@ -4,6 +4,8 @@ on:
tags:
- v3.4.0-M[0-9]
- v3.4.0-RC[0-9]
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
jobs:


@ -3,6 +3,8 @@ on:
push:
tags:
- v3.4.[0-9]+
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
jobs:


@ -0,0 +1,15 @@
name: "Run CodeQL Analysis"
on:
push:
pull_request:
workflow_dispatch:
schedule:
- cron: '0 5 * * *'
permissions: read-all
jobs:
run-analysis:
permissions:
actions: read
contents: read
security-events: write
uses: spring-io/github-actions/.github/workflows/codeql-analysis.yml@6e66995f7d29de1e4ff76e4f0def7a10163fe910
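Review bot: The workflow-level `permissions: read-all` grants read access on every token scope, which is wider than anything this file uses, because the only job declares its own `actions: read`, `contents: read` and `security-events: write`. A job-level block replaces the workflow default, so the top-level line only matters for a job added later without its own block. Setting it to `permissions: {}` (or `contents: read`, as in the other workflows in this commit) would make that fallback least-privilege. The reusable workflow is pinned to a full commit SHA, which protects against a moved tag. A trailing comment naming the release that SHA corresponds to, for example `# <tag of the pinned commit>`, would make future bumps easier to review.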


@ -3,6 +3,8 @@ on:
push:
branches:
- '3.4.x'
permissions:
contents: read
jobs:
run-system-tests:
name: 'Java ${{ matrix.java.version}}'


@ -12,12 +12,14 @@ on:
description: 'Version being build (e.g. 1.0.3-SNAPSHOT)'
required: false
permissions:
actions: write
contents: read
jobs:
trigger-docs-build:
name: Trigger Docs Build
if: github.repository_owner == 'spring-projects'
runs-on: ${{ vars.UBUNTU_SMALL || 'ubuntu-latest' }}
permissions:
actions: write
steps:
- name: Check Out
uses: actions/checkout@v4
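Review bot: The job-level `permissions:` block on `trigger-docs-build` lists only `actions: write`, and a job-level block replaces the workflow default rather than merging with it, so every unlisted scope, including `contents`, becomes `none` for this job. The first step is `actions/checkout@v4`; if that checkout authenticates with the job token to read this repository (as it must for a private repository or mirror), it needs `contents: read` added under the job's `permissions`. Reading the hunk header counts, the top-level block appears to change from `actions: write` to `contents: read`, which is the right direction, but the job does not inherit it. The steps continue past the end of the hunk, so what the checkout fetches and which token the later steps use is not visible here.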