spring-security/.github/workflows/clean_build_artifacts.yml

name: Clean build artifacts
on:
  schedule:
    - cron: '0 10 * * *' # Once per day at 10am UTC

permissions:
  contents: read

jobs:
  main:
    runs-on: ubuntu-latest
    if: ${{ github.repository == 'spring-projects/spring-security' }}
    permissions:
      contents: none
    steps:
      - name: Delete artifacts in cron job
        env:
          GH_ACTIONS_REPO_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
        run: |
          echo "Running clean build artifacts logic"
          output=$(curl -X GET -H "Authorization: token $GH_ACTIONS_REPO_TOKEN" https://api.github.com/repos/spring-projects/spring-security/actions/artifacts | grep '"id"' | cut -d : -f2 | sed 's/,*$//g')
          echo Output is $output
          for id in $output; do curl -X DELETE -H "Authorization: token $GH_ACTIONS_REPO_TOKEN" https://api.github.com/repos/spring-projects/spring-security/actions/artifacts/$id; done;
Build GitHub Actions CI pipeline 2020-11-10 10:25:16 -05:00			`name: Clean build artifacts`
			`on:`
			`schedule:`
			`- cron: '0 10 * * *' # Once per day at 10am UTC`

Set permissions for GitHub actions Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much. - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com> 2022-06-11 20:31:28 -04:00			`permissions:`
			`contents: read`

Build GitHub Actions CI pipeline 2020-11-10 10:25:16 -05:00			`jobs:`
			`main:`
Polish gh-11367 2022-07-26 16:31:10 -04:00			`runs-on: ubuntu-latest`
Skip workflows on forks of spring-security 2022-07-28 15:17:42 -04:00			`if: ${{ github.repository == 'spring-projects/spring-security' }}`
Set permissions for GitHub actions Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much. - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com> 2022-06-11 20:31:28 -04:00			`permissions:`
			`contents: none`
Build GitHub Actions CI pipeline 2020-11-10 10:25:16 -05:00			`steps:`
			`- name: Delete artifacts in cron job`
			`env:`
			`GH_ACTIONS_REPO_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}`
			`run: \|`
			`echo "Running clean build artifacts logic"`
			`output=$(curl -X GET -H "Authorization: token $GH_ACTIONS_REPO_TOKEN" https://api.github.com/repos/spring-projects/spring-security/actions/artifacts \| grep '"id"' \| cut -d : -f2 \| sed 's/,*$//g')`
			`echo Output is $output`
			`for id in $output; do curl -X DELETE -H "Authorization: token $GH_ACTIONS_REPO_TOKEN" https://api.github.com/repos/spring-projects/spring-security/actions/artifacts/$id; done;`