author | Diogo Teles Sant'Anna <diogoteles@google.com> | 2023-05-03 13:59:32 -0300 |
---|---|---|
committer | Diogo Teles Sant'Anna <diogoteles@google.com> | 2023-05-03 13:59:32 -0300 |
commit | 474bcc1f6a691904a6733819e73fee0fa269fa77 (patch) | |
tree | fa1864c901905a3e1835a1623b9c7ae111e1edf2 | |
parent | 2dec6845c7b40340ce4ca11ab6205586d01023ed (diff) | |
download | lcms2-474bcc1f6a691904a6733819e73fee0fa269fa77.tar.gz |
ci: set minimal permissions to GitHub Workflows
Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
-rw-r--r-- | .github/workflows/build.yml | 2 | ||||
-rw-r--r-- | .github/workflows/codeql-analysis.yml | 6 |
2 files changed, 8 insertions, 0 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9c34210..3b78131 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -6,6 +6,8 @@ concurrency: group: ${{ github.workflow }}-${{ github.job }}-${{ github.ref }} cancel-in-progress: true +permissions: read-all + jobs: Ubuntu: diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 37da696..1527837 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -14,10 +14,16 @@ on: schedule: - cron: '0 6 * * 5' +permissions: read-all + jobs: analyze: name: Analyze runs-on: ubuntu-latest + permissions: + actions: read # for github/codeql-action/init to get workflow details + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/autobuild to send a status report strategy: fail-fast: false |
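Review bot: `permissions: read-all` at the top of .github/workflows/build.yml gives the workflow token read access on every scope, which is wider than the "minimal permissions" the commit subject names. If the jobs under `jobs:` only need to fetch the repository, a workflow-level `permissions:` block with `contents: read` would be the tighter default, and any job that needs more can declare it at job level the way the `analyze` job does in the CodeQL workflow.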
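Review bot: in .github/workflows/codeql-analysis.yml the workflow-level `permissions: read-all` is broader than the job-level block added under `analyze`. A job-level `permissions:` block replaces the workflow-level value for that job, so `read-all` only acts as the default for jobs that have no block of their own; `contents: read` would be a narrower default. Separately, the comment on `security-events: write` names only `github/codeql-action/autobuild`. If the job also uploads analysis results, the comment should say so, so that the one write scope in this file is not later removed as unneeded.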