author | Marti Maria <marti.maria@littlecms.com> | 2023-03-14 19:04:13 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-03-14 19:04:13 +0100 |
commit | bad332609443dd3ad38a73ca950a43c4f346f39f (patch) | |
tree | a6b461490c952fe416d77cb26a05cd669de4d99f | |
parent | 71758e5783f005769723b239c9aadbc724647d21 (diff) | |
parent | 63b3a350d637ecac45423609f85a68f7a5cedc9e (diff) | |
download | lcms2-bad332609443dd3ad38a73ca950a43c4f346f39f.tar.gz |
Merge pull request #368 from diogoteles08/ci/set-workflows-permissions
CI: set minimal permissions to GitHub Workflows
Looks great, thank you!
-rw-r--r-- | .github/workflows/build.yml | 2 | ||||
-rw-r--r-- | .github/workflows/codeql-analysis.yml | 6 |
2 files changed, 8 insertions, 0 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b1cd3a2..cc03cc9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -6,6 +6,8 @@ concurrency: group: ${{ github.workflow }}-${{ github.job }}-${{ github.ref }} cancel-in-progress: true +permissions: read-all + jobs: Ubuntu: diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 37da696..1527837 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -14,10 +14,16 @@ on: schedule: - cron: '0 6 * * 5' +permissions: read-all + jobs: analyze: name: Analyze runs-on: ubuntu-latest + permissions: + actions: read # for github/codeql-action/init to get workflow details + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/autobuild to send a status report strategy: fail-fast: false |
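Review bot: the workflow-level `permissions: read-all` added above `jobs:` in build.yml still grants the token read access on every scope, which is broader than a build normally needs. No job-level block is visible in this hunk, so if the `Ubuntu` job and the others only check out and compile the source, a top-level `permissions:` mapping with just `contents: read` would be the tighter setting and would make the intended scope explicit.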
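Review bot: in codeql-analysis.yml the job-level `permissions:` block under `analyze` replaces the workflow-level `permissions: read-all` for that job instead of adding to it, so the top-level line only serves as a default for jobs that have no block of their own. With `analyze` the only job visible here, that default could be narrowed to `contents: read` so a job added later does not inherit read access on every scope. The inline comment on `security-events: write` names only the autobuild status report; if a later step in the job also depends on that scope, the comment should list it so the single write grant stays justified in review.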