
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action.

https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
29 lines
972 B
YAML
```yaml
name: "Stale"
on:
  schedule:
    - cron: "0 2 * * *"

permissions:
  contents: read

jobs:
  stale:
    permissions:
      issues: write # for actions/stale to close stale issues
      pull-requests: write # for actions/stale to close stale PRs
    runs-on: ubuntu-latest
    env:
      ACTIONS_STEP_DEBUG: true
    steps:
      - name: Close Stale Issues
        uses: actions/stale@v4
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          stale-issue-message: "This issue has been automatically marked as stale because it has been open 360 days with no activity. Remove stale label or comment or this will be closed in 180 days"
          days-before-stale: 360
          days-before-close: 180
          stale-issue-label: "status:stale"
          exempt-issue-labels: 'type:feature,type:with reproduction steps,type:has pull request'
          stale-pr-label: 'status:stale'
          exempt-pr-labels: 'type:feature,type:with reproduction steps,type:has pull request'
```
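To audit other workflows for the same token scoping, the following added example (not part of this commit or the project's code) reports which scopes each job's `GITHUB_TOKEN` can write. The function name `token_write_scopes` is hypothetical, the samples are constructed from the workflow above, and the parser assumes block-style YAML with 2-space indentation rather than implementing full YAML.

```python
import re

# Constructed samples: the workflow above trimmed to its structure, with and
# without the permissions blocks that this commit adds.
SCOPED = """\
permissions:
  contents: read
jobs:
  stale:
    permissions:
      issues: write # for actions/stale to close stale issues
      pull-requests: write # for actions/stale to close stale PRs
    runs-on: ubuntu-latest
    steps:
    - uses: actions/stale@v4
"""
UNSCOPED = re.sub(r"(?m)^ *(permissions|contents|issues|pull-requests):.*\n", "", SCOPED)

def token_write_scopes(text):
    """Map each job to the scopes its GITHUB_TOKEN may write, or to
    'repository-default' when no permissions key applies to the job."""
    top, jobs, section, job, job_key = None, {}, None, None, None
    for raw in text.splitlines():
        m = re.match(r"( *)([\w-]+):\s*(.*)$", raw.split(" #")[0].rstrip())
        if not m:
            continue  # list items, blank lines and comment-only lines
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        if indent == 0:
            section = key
            if key == "permissions":
                top = value or {}  # scalar (e.g. read-all) or a mapping to fill
        elif section == "permissions" and indent == 2 and isinstance(top, dict):
            top[key] = value
        elif section == "jobs" and indent == 2:
            job, job_key = key, None
            jobs[job] = None  # no job-level permissions seen yet
        elif section == "jobs" and indent == 4 and job:
            job_key = key
            if key == "permissions":
                jobs[job] = value or {}
        elif section == "jobs" and indent == 6 and job_key == "permissions" and isinstance(jobs[job], dict):
            jobs[job][key] = value
    report = {}
    for name, perms in jobs.items():
        eff = top if perms is None else perms  # a job-level block replaces the top-level one
        if isinstance(eff, dict):
            eff = sorted(k for k, v in eff.items() if v == "write")
        report[name] = "repository-default" if eff is None else eff
    return report
```

A job reported as `repository-default` runs with whatever the repository or organization default grants, which is the case the Scorecard token-permissions check linked above flags.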