fix checkov lint

Signed-off-by: André Bauer <[email protected]>
Staffbase · Apr 29, 2024 · f407128 · f407128
1 parent 332fd26
commit f407128
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 4 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -1,6 +1,8 @@
 name: ci
 
-on: 
+permissions: read-all
+
+on:
   pull_request:
 
 jobs:

diff --git a/.github/workflows/release-drafter.yaml b/.github/workflows/release-drafter.yaml
@@ -1,15 +1,16 @@
 name: Release Drafter
 
+permissions:
+  contents: read
+
+
 on:
   push:
     branches:
       - main
   pull_request:
     types: [opened, reopened, synchronize]
 
-permissions:
-  contents: read
-
 jobs:
   update_release_draft:
     permissions:

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -1,5 +1,7 @@
 name: Release
 
+permissions: read-all
+
 on:
   push:
     branches:
@@ -9,6 +11,10 @@ on:
 
 jobs:
   docker-build-push:
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout Code

diff --git a/Dockerfile b/Dockerfile
@@ -4,4 +4,7 @@ COPY self-heal.sh /self-heal.sh
 
 CMD ["/bin/sh"]
 
+#checkov:skip=CKV_DOCKER_2:We don't need Docker HEALTHCHECK in Kubernetes
+#checkov:skip=CKV_DOCKER_3:inherits curl_user from base image
+
 ENTRYPOINT ["/self-heal.sh"]