From c73e9dafa86437faa8dd8b7f0fa9387e2a248797 Mon Sep 17 00:00:00 2001
From: massongit <suzukimasaya428@gmail.com>
Date: Tue, 6 Feb 2024 22:14:09 +0900
Subject: [PATCH] =?UTF-8?q?super-linter=E3=81=AB=E3=82=88=E3=82=8B?=
 =?UTF-8?q?=E6=8C=87=E6=91=98=E4=BA=8B=E9=A0=85=E4=BF=AE=E6=AD=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/add-to-task-list.yml             | 1 +
 .github/workflows/github-actions-cache-cleaner.yml | 1 +
 .github/workflows/super-linter.yml                 | 4 ++++
 .github/workflows/update-package.yml               | 6 +++---
 scripts/super_linter/build/set_path.sh             | 2 +-
 5 files changed, 10 insertions(+), 4 deletions(-)
 mode change 100644 => 100755 scripts/super_linter/build/set_path.sh

diff --git a/.github/workflows/add-to-task-list.yml b/.github/workflows/add-to-task-list.yml
index 1b3afc16b..9dcdc05e0 100644
--- a/.github/workflows/add-to-task-list.yml
+++ b/.github/workflows/add-to-task-list.yml
@@ -7,6 +7,7 @@ on:
   issues:
     types:
       - opened
+permissions: read-all
 jobs:
   add-to-task-list:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/github-actions-cache-cleaner.yml b/.github/workflows/github-actions-cache-cleaner.yml
index 2fe5ea76a..5ab656e43 100644
--- a/.github/workflows/github-actions-cache-cleaner.yml
+++ b/.github/workflows/github-actions-cache-cleaner.yml
@@ -7,6 +7,7 @@ on:
   schedule:
     - cron: '0 21 * * *' # 06:00 JST
   workflow_dispatch:
+permissions: read-all
 jobs:
   github-actions-cache-cleaner:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml
index 340109e63..6738f7e3c 100644
--- a/.github/workflows/super-linter.yml
+++ b/.github/workflows/super-linter.yml
@@ -18,6 +18,10 @@ on:
     branches:
       - main
   pull_request:
+permissions:
+  contents: read
+  packages: read
+  statuses: write
 ###############
 # Set the Job #
 ###############
diff --git a/.github/workflows/update-package.yml b/.github/workflows/update-package.yml
index 257aacd86..b0b6cb622 100644
--- a/.github/workflows/update-package.yml
+++ b/.github/workflows/update-package.yml
@@ -10,13 +10,13 @@ on:
   push:
     branches:
       - main
+permissions:
+  contents: write
+  pull-requests: write
 jobs:
   # npm installを実行し、package.jsonやpackage-lock.jsonに差分があればPRを作る
   update-package:
     runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
     steps:
       - uses: actions/checkout@v4.1.1
         if: github.event_name != 'pull_request' || github.event.action != 'closed'
diff --git a/scripts/super_linter/build/set_path.sh b/scripts/super_linter/build/set_path.sh
old mode 100644
new mode 100755
index 6ab85933b..5e34dd1d7
--- a/scripts/super_linter/build/set_path.sh
+++ b/scripts/super_linter/build/set_path.sh
@@ -3,4 +3,4 @@
 npm ci --prefer-offline
 action="$(yq '.jobs.build.steps[-1].uses' .github/workflows/super-linter.yml)"
 PATH="$(docker run --rm --entrypoint '' "ghcr.io/${action//\/slim@/:slim-}" /bin/sh -c 'echo $PATH')"
-echo "PATH=/github/workspace/node_modules/.bin:${PATH}" >> "$GITHUB_ENV"
+echo "PATH=/github/workspace/node_modules/.bin:${PATH}" >>"$GITHUB_ENV"