diff options
| author | Alex <aleksandrosansan@gmail.com> | 2022-10-07 15:39:00 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-10-07 14:39:00 +0200 |
| commit | 065f5ffc5ae107f752b908d1c81e4c4f3e26e7b7 (patch) | |
| tree | 843581aa4c36e28dec23d4237102f2273b2bd778 /.github | |
| parent | f52b3c6716b632a439355510d559c9d5522edc7e (diff) | |
| download | zsh-065f5ffc5ae107f752b908d1c81e4c4f3e26e7b7.tar.gz zsh-065f5ffc5ae107f752b908d1c81e4c4f3e26e7b7.tar.bz2 zsh-065f5ffc5ae107f752b908d1c81e4c4f3e26e7b7.zip | |
ci: harden permissions for GitHub Workflows (#11174)
* build: harden main.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>
* build: harden project.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>
* Update project.yml
The permissions are not necessary, because a separate token is used `GITHUB_TOKEN: ${{ secrets.PROJECT_TOKEN }}`
Diffstat (limited to '.github')
| -rw-r--r-- | .github/workflows/main.yml | 3 | ||||
| -rw-r--r-- | .github/workflows/project.yml | 1 |
2 files changed, 4 insertions, 0 deletions
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 50e00f9c9..57a1e3833 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -14,6 +14,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true +permissions: + contents: read # to fetch code (actions/checkout) + jobs: tests: name: Run tests diff --git a/.github/workflows/project.yml b/.github/workflows/project.yml index b2219893d..999cc08e2 100644 --- a/.github/workflows/project.yml +++ b/.github/workflows/project.yml @@ -9,6 +9,7 @@ concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true +permissions: {} jobs: add-to-project: name: Add to project |