Skip to content

Commit

Permalink
Set minimal permissions for workflows
Browse files Browse the repository at this point in the history
Signed-off-by: Pedro Kaj Kjellerup Nacht <[email protected]>
  • Loading branch information
pnacht committed Nov 17, 2023
1 parent 022f8c3 commit ad56e74
Show file tree
Hide file tree
Showing 4 changed files with 19 additions and 0 deletions.
4 changes: 4 additions & 0 deletions .github/workflows/cifuzz.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
name: CIFuzz
on: [pull_request]

permissions:
contents: read

jobs:
Fuzzing:
runs-on: ubuntu-latest
Expand Down
6 changes: 6 additions & 0 deletions .github/workflows/cmake.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,9 @@ on:
pull_request:
branches: [ master ]

permissions:
contents: read

jobs:
build:
strategy:
Expand All @@ -19,6 +22,9 @@ jobs:
arch: x86
runs-on: ${{ matrix.os }}

permissions:
contents: write # svenstaro/upload-release-action

steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/cross_build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,9 @@ on:
pull_request:
branches: [ master ]

permissions:
contents: read

jobs:
build:
runs-on: ubuntu-latest
Expand Down
6 changes: 6 additions & 0 deletions .github/workflows/wheel.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,9 @@ on:
pull_request:
branches: [ master ]

permissions:
contents: read

jobs:
build_wheels:
outputs:
Expand All @@ -20,6 +23,9 @@ jobs:
runs-on: ${{ matrix.os }}
name: Build wheels on ${{ matrix.os }}

permissions:
contents: write # svenstaro/upload-release-action

steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
Expand Down

0 comments on commit ad56e74

Please sign in to comment.