authorNaveen <[email protected]>2022-03-24 11:32:57 -0500
committerGitHub <[email protected]>2022-03-24 09:32:57 -0700
commitf4a7ba967e739239173bc2440b4e1c6ba3cf41f0 (patch)
tree9898f809d99de6014c8a15ab0bfd4adf8a913317 /.github/workflows
parent8d045653948d7e522486203507d1edeb356a6fd3 (diff)
Set permissions for GitHub actions (#7984)
This limits the damage that a compromised GitHub action could do. See https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions and https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/commit-validation.yml3
-rw-r--r--.github/workflows/format-validation.yml3
-rw-r--r--.github/workflows/lint.yml.bkp3
-rw-r--r--.github/workflows/release-candidate.yml3
4 files changed, 12 insertions, 0 deletions
diff --git a/.github/workflows/commit-validation.yml b/.github/workflows/commit-validation.yml
index 0b52e94e5..1c785d6f8 100644
--- a/.github/workflows/commit-validation.yml
+++ b/.github/workflows/commit-validation.yml
@@ -1,6 +1,9 @@
name: commit-validation
on: [ push, pull_request ]
+permissions:
+ contents: read
+
jobs:
check-commit-msg-length:
runs-on: ubuntu-latest
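Review bot: The added workflow-level `permissions:` block carries no comment saying that every scope it does not list is set to `none`, so a job that later needs to comment on a pull request or publish an asset will fail with an authorization error that is hard to trace back to these two lines. I would put `# Least privilege: scopes not listed here are set to none; grant extra scopes per job, not at workflow level.` directly above `permissions:`. The same applies to the identical blocks added in format-validation.yml, lint.yml.bkp and release-candidate.yml. For release-candidate.yml the job bodies lie outside the hunk, so it is worth confirming that no step depends on a write scope of `GITHUB_TOKEN`; if one does, it should get a job-level `permissions:` entry rather than a wider workflow default.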
diff --git a/.github/workflows/format-validation.yml b/.github/workflows/format-validation.yml
index a0a5b34b7..f75e35db8 100644
--- a/.github/workflows/format-validation.yml
+++ b/.github/workflows/format-validation.yml
@@ -26,6 +26,9 @@ on:
- 'test/tables/planets.jats_archiving'
- 'test/tables/students.jats_archiving'
+permissions:
+ contents: read
+
jobs:
jats:
name: JATS
diff --git a/.github/workflows/lint.yml.bkp b/.github/workflows/lint.yml.bkp
index 13f4919da..890f55636 100644
--- a/.github/workflows/lint.yml.bkp
+++ b/.github/workflows/lint.yml.bkp
@@ -14,6 +14,9 @@ on:
- stack.yaml
- .travis.yml
+permissions:
+ contents: read
+
jobs:
lint:
name: Lint
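Review bot: The `permissions:` block added here is inert, because GitHub Actions only loads workflow files ending in `.yml` or `.yaml` and this file is named `lint.yml.bkp`. Keeping the block is harmless and means the restriction is already in place if the file is renamed back, but it should not be counted as hardening an active workflow. A leading comment such as `# Disabled workflow (.bkp): not run by Actions until renamed to .yml` would make that state explicit.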
diff --git a/.github/workflows/release-candidate.yml b/.github/workflows/release-candidate.yml
index 84b2e8565..7259e6215 100644
--- a/.github/workflows/release-candidate.yml
+++ b/.github/workflows/release-candidate.yml
@@ -5,6 +5,9 @@ on:
branches:
- 'rc/**'
+permissions:
+ contents: read
+
jobs:
linux: