ci: Set permissions for GitHub actions

Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much. - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com> naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2025-06-13 18:43:34 +00:00 · 2022-05-01 01:00:30 +00:00
parent b1a0f42b31
commit 2672fad90a
11 changed files with 37 additions and 0 deletions
--- a/.github/workflows/retest.yaml
+++ b/.github/workflows/retest.yaml
@ -0,0 +1,22 @@
+---
+name: "Retest approved pull Requests"
+# yamllint disable-line rule:truthy
+on:
+  schedule:
+    # Run the retest action every 30 minutes
+    - cron: "30 * * * *"
+
+permissions:
+  contents: read
+
+jobs:
+  retest:
+    runs-on: ubuntu-latest
+    steps:
+      # path to the retest action
+      - uses: ceph/ceph-csi/actions/retest@devel
+        with:
+          GITHUB_TOKEN: ${{ secrets.CEPH_CSI_BOT_TOKEN }}
+          required-label: "ci/retry/e2e"
+          max-retry: "5"
+          required-approve-count: "2"