Use minimum required permissions for GitHub workflows
This reduces the attack surface if the workflows are ever compromised.
This commit is contained in:
		
							parent
							
								
									5219a705ba
								
							
						
					
					
						commit
						414186cff5
					
				
					 2 changed files with 7 additions and 0 deletions
				
			
		
							
								
								
									
										3
									
								
								.github/workflows/ci.yml
									
										
									
									
										vendored
									
									
								
							
							
						
						
									
										3
									
								
								.github/workflows/ci.yml
									
										
									
									
										vendored
									
									
								
							|  | @ -10,6 +10,9 @@ on: | ||||||
|       - master |       - master | ||||||
|   pull_request: |   pull_request: | ||||||
| 
 | 
 | ||||||
|  | permissions: | ||||||
|  |   contents: read | ||||||
|  | 
 | ||||||
| jobs: | jobs: | ||||||
|   build-and-test: |   build-and-test: | ||||||
|     runs-on: ubuntu-latest |     runs-on: ubuntu-latest | ||||||
|  |  | ||||||
							
								
								
									
										4
									
								
								.github/workflows/docs.yml
									
										
									
									
										vendored
									
									
								
							
							
						
						
									
										4
									
								
								.github/workflows/docs.yml
									
										
									
									
										vendored
									
									
								
							|  | @ -5,6 +5,10 @@ on: | ||||||
|     branches: |     branches: | ||||||
|       - master |       - master | ||||||
| 
 | 
 | ||||||
|  | permissions: | ||||||
|  |   # The generated docs are written to the `gh-pages` branch. | ||||||
|  |   contents: write | ||||||
|  | 
 | ||||||
| jobs: | jobs: | ||||||
|   build-and-deploy-docs: |   build-and-deploy-docs: | ||||||
|     runs-on: ubuntu-latest |     runs-on: ubuntu-latest | ||||||
|  |  | ||||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue