diff options
author | Sebastian Pipping <sebastian@pipping.org> | 2023-03-07 23:03:11 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-03-07 23:03:11 +0100 |
commit | 646ddfd85a3a51f57d1e2fd8e8b79667490546ec (patch) | |
tree | 0b0dd2dc77b62295ddc0b3e71caf886d58d5f67e | |
parent | f2925e61833d5d39065c80d131d096870c8e3199 (diff) | |
parent | c01d732693db93fc9b0401fda9579dc01dc4b5d7 (diff) | |
download | libexpat-git-646ddfd85a3a51f57d1e2fd8e8b79667490546ec.tar.gz |
Merge pull request #694 from joycebrum/master
Actions: Set permissions to "contents: read" to avoid permissive workflows
-rw-r--r-- | .github/workflows/autotools-cmake.yml | 3 | ||||
-rw-r--r-- | .github/workflows/cmake-required-version.yml | 3 | ||||
-rw-r--r-- | .github/workflows/coverage.yml | 3 | ||||
-rw-r--r-- | .github/workflows/cppcheck.yml | 3 | ||||
-rw-r--r-- | .github/workflows/expat_config_h.yml | 3 | ||||
-rw-r--r-- | .github/workflows/linux.yml | 3 | ||||
-rw-r--r-- | .github/workflows/macos.yml | 3 | ||||
-rw-r--r-- | .github/workflows/valid-xml.yml | 3 |
8 files changed, 24 insertions, 0 deletions
diff --git a/.github/workflows/autotools-cmake.yml b/.github/workflows/autotools-cmake.yml index ae33934a..0d8311c0 100644 --- a/.github/workflows/autotools-cmake.yml +++ b/.github/workflows/autotools-cmake.yml @@ -35,6 +35,9 @@ on: schedule: - cron: '0 2 * * 5' # Every Friday at 2am +permissions: + contents: read + jobs: checks: name: Ensure that GNU Autotools and CMake build systems agree diff --git a/.github/workflows/cmake-required-version.yml b/.github/workflows/cmake-required-version.yml index 33a958ee..04b0fe49 100644 --- a/.github/workflows/cmake-required-version.yml +++ b/.github/workflows/cmake-required-version.yml @@ -35,6 +35,9 @@ on: schedule: - cron: '0 2 * * 5' # Every Friday at 2am +permissions: + contents: read + jobs: checks: name: Ensure realistic minimum CMake version requirement diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index e56dbc71..3b29d4af 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -35,6 +35,9 @@ on: schedule: - cron: '0 2 * * 5' # Every Friday at 2am +permissions: + contents: read + jobs: checks: name: Collect test coverage diff --git a/.github/workflows/cppcheck.yml b/.github/workflows/cppcheck.yml index cab9bcb4..346b9afa 100644 --- a/.github/workflows/cppcheck.yml +++ b/.github/workflows/cppcheck.yml @@ -35,6 +35,9 @@ on: schedule: - cron: '0 2 * * 5' # Every Friday at 2am +permissions: + contents: read + jobs: checks: name: Run Cppcheck diff --git a/.github/workflows/expat_config_h.yml b/.github/workflows/expat_config_h.yml index f77e47ab..272e4b44 100644 --- a/.github/workflows/expat_config_h.yml +++ b/.github/workflows/expat_config_h.yml @@ -35,6 +35,9 @@ on: schedule: - cron: '0 2 * * 5' # Every Friday at 2am +permissions: + contents: read + jobs: checks: name: Check expat_config.h.{in,cmake} for regressions diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 4cfd30a6..a403eb79 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -35,6 +35,9 @@ on: schedule: - cron: '0 2 * * 5' # Every Friday at 2am +permissions: + contents: read + jobs: checks: name: Perform checks diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index cd5cf621..5b355ae8 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -35,6 +35,9 @@ on: schedule: - cron: '0 2 * * 5' # Every Friday at 2am +permissions: + contents: read + jobs: checks: name: Perform checks diff --git a/.github/workflows/valid-xml.yml b/.github/workflows/valid-xml.yml index 2dcdec14..f9c0356e 100644 --- a/.github/workflows/valid-xml.yml +++ b/.github/workflows/valid-xml.yml @@ -35,6 +35,9 @@ on: schedule: - cron: '0 2 * * 5' # Every Friday at 2am +permissions: + contents: read + jobs: checks: name: Ensure well-formed and valid XML |