From 859a76bb1ab31e13b1657174f600f0569346459a Mon Sep 17 00:00:00 2001 From: Matthieu MOREL Date: Sat, 6 Jan 2024 02:06:07 +0100 Subject: [PATCH] ossf: fix token permissions (#2410) Signed-off-by: Matthieu MOREL --- .github/workflows/latest_release.yaml | 8 +++++--- .github/workflows/release.yaml | 7 +++++-- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.github/workflows/latest_release.yaml b/.github/workflows/latest_release.yaml index a3cca187c80..271aaf418ee 100644 --- a/.github/workflows/latest_release.yaml +++ b/.github/workflows/latest_release.yaml @@ -1,5 +1,8 @@ name: Latest Release +permissions: + contents: read + on: push: branches: @@ -7,12 +10,11 @@ on: paths-ignore: - "**/*.png" -permissions: - contents: write - jobs: latest-release: runs-on: ubuntu-22.04 + permissions: + contents: write steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - uses: ./tools/github-actions/setup-deps diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 77e3a15d0c7..e69ea8724a1 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,16 +1,19 @@ name: Release +permissions: + contents: read + on: push: # Sequence of patterns matched against refs/tags tags: - "v*.*.*" -permissions: - contents: write jobs: release: runs-on: ubuntu-22.04 + permissions: + contents: write steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1