add monitor to github actions

2025-07-22 18:56:15 +02:00 · 2024-11-12 14:34:29 -06:00 · 2024-11-12 14:34:29 -06:00 · a1fd5140ff
commit a1fd5140ff
parent 67f87e1a02
13 changed files with 19 additions and 0 deletions
--- a/.github/workflows/clone-staging.yaml
+++ b/.github/workflows/clone-staging.yaml
@ -19,6 +19,7 @@ jobs:
      CF_USERNAME: ${{ secrets.CF_MS_USERNAME }}
      CF_PASSWORD: ${{ secrets.CF_MS_PASSWORD }}
    steps:
+        - uses: GitHubSecurityLab/actions-permissions/monitor@v1
        - name: Clone Database
          run: |
            # install cf cli and other tools
--- a/.github/workflows/createcachetable.yaml
+++ b/.github/workflows/createcachetable.yaml
@ -37,6 +37,7 @@ jobs:
      CF_USERNAME: CF_${{ github.event.inputs.environment }}_USERNAME
      CF_PASSWORD: CF_${{ github.event.inputs.environment }}_PASSWORD
    steps:
+      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
      - name: Create cache table for ${{ github.event.inputs.environment }}
        uses: cloud-gov/cg-cli-tools@main
        with:
--- a/.github/workflows/daily-csv-upload.yaml
+++ b/.github/workflows/daily-csv-upload.yaml
@ -13,6 +13,7 @@ jobs:
      CF_USERNAME: CF_${{ secrets.CF_REPORT_ENV }}_USERNAME
      CF_PASSWORD: CF_${{ secrets.CF_REPORT_ENV }}_PASSWORD
    steps:
+      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
      - name: Generate current-federal.csv
        uses: cloud-gov/cg-cli-tools@main
        with:
--- a/.github/workflows/deploy-development.yaml
+++ b/.github/workflows/deploy-development.yaml
@ -17,6 +17,8 @@ jobs:
  deploy-development:
    runs-on: ubuntu-latest
    steps:
+      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+      
      - uses: actions/checkout@v3

      - name: Compile USWDS assets
--- a/.github/workflows/deploy-manual.yaml
+++ b/.github/workflows/deploy-manual.yaml
@ -44,6 +44,7 @@ jobs:
  variables:
    runs-on: ubuntu-latest
    steps:
+      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
      - name: Setting global variables
        uses: actions/github-script@v6
        id: var
@ -53,6 +54,7 @@ jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
+      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
      - uses: actions/checkout@v3
      - name: Compile USWDS assets
        working-directory: ./src
--- a/.github/workflows/deploy-sandbox.yaml
+++ b/.github/workflows/deploy-sandbox.yaml
@ -35,6 +35,7 @@ jobs:
      environment: ${{ steps.var.outputs.environment}}
    runs-on: "ubuntu-latest"
    steps:
+      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
      - name: Setting global variables
        uses: actions/github-script@v6
        id: var
@ -45,6 +46,7 @@ jobs:
    runs-on: ubuntu-latest
    needs: [variables]
    steps:
+      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
      - uses: actions/checkout@v3
      - name: Compile USWDS assets
        working-directory: ./src
--- a/.github/workflows/deploy-stable.yaml
+++ b/.github/workflows/deploy-stable.yaml
@ -18,6 +18,7 @@ jobs:
    if: ${{ github.ref_type == 'tag' }}
    runs-on: ubuntu-latest
    steps:
+      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
      - uses: actions/checkout@v3

      - name: Compile USWDS assets
--- a/.github/workflows/deploy-staging.yaml
+++ b/.github/workflows/deploy-staging.yaml
@ -18,6 +18,7 @@ jobs:
    if: ${{ github.ref_type == 'tag' }}
    runs-on: ubuntu-latest
    steps:
+      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
      - uses: actions/checkout@v3

      - name: Compile USWDS assets
--- a/.github/workflows/issue-label-notifier.yaml
+++ b/.github/workflows/issue-label-notifier.yaml
@ -10,6 +10,7 @@ jobs:
  notify:
    runs-on: ubuntu-latest
    steps:
+      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
      - uses: jenschelkopf/issue-label-notification-action@1.3
        with:
          recipients: |
--- a/.github/workflows/migrate.yaml
+++ b/.github/workflows/migrate.yaml
@ -45,6 +45,7 @@ jobs:
      CF_USERNAME: CF_${{ github.event.inputs.environment }}_USERNAME
      CF_PASSWORD: CF_${{ github.event.inputs.environment }}_PASSWORD
    steps:
+      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
      - name: Run Django migrations for ${{ github.event.inputs.environment }}
        uses: cloud-gov/cg-cli-tools@main
        with:
--- a/.github/workflows/reset-db.yaml
+++ b/.github/workflows/reset-db.yaml
@ -45,6 +45,7 @@ jobs:
      CF_USERNAME: CF_${{ github.event.inputs.environment }}_USERNAME
      CF_PASSWORD: CF_${{ github.event.inputs.environment }}_PASSWORD
    steps:
+      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
      - name: Delete existing data for ${{ github.event.inputs.environment }}
        uses: cloud-gov/cg-cli-tools@main
        with:
--- a/.github/workflows/security-check.yaml
+++ b/.github/workflows/security-check.yaml
@ -38,6 +38,7 @@ jobs:
      REGISTRY_HOSTNAME: localhost

    steps:
+      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
      - name: Check out
        uses: actions/checkout@v3
      - name: Scan Django settings for security issues
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@ -21,6 +21,7 @@ jobs:
  python-linting:
    runs-on: ubuntu-latest
    steps:
+      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
      - uses: actions/checkout@v3

      - name: Linting
@ -32,6 +33,7 @@ jobs:
  python-test:
    runs-on: ubuntu-latest
    steps:
+      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
      - uses: actions/checkout@v3

      - name: Unit tests
@ -41,6 +43,7 @@ jobs:
  django-migrations-complete:
    runs-on: ubuntu-latest
    steps:
+      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
      - uses: actions/checkout@v3

      - name: Check for complete migrations
@ -52,6 +55,7 @@ jobs:
  pa11y-scan:
    runs-on: ubuntu-20.04
    steps:
+      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
      - uses: actions/checkout@v3

      - name: Disable Login