shadowfacts/fonttools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,172 Commits 1 Branch 0 Tags
Commit Graph

5 Commits

Author SHA1 Message Date
dependabot[bot]
ef82649c2d
build(deps): bump actions/setup-python from 3 to 4 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3 to 4.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-07-06 09:58:50 +00:00
nathannaveen
83f69028a3 chore: Set permissions for GitHub actions 
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
 2022-06-23 00:58:26 +00:00
Nikolaus Waxweiler
40015efe60 Update GitHub Actions 2022-04-26 11:16:49 +01:00
Cosimo Lupo
4af216dde4
publish.yml: fix tag pattern 
we don't use the leading 'v' for fonttools tags
 2020-12-04 19:32:05 +00:00
Nikolaus Waxweiler
018a798fdd Add GitHub Actions integration 2020-11-20 10:06:27 +00:00