Merge pull request #694 from joycebrum/master

Actions: Set permissions to "contents: read" to avoid permissive workflows
author: Sebastian Pipping <sebastian@pipping.org> 2023-03-07 23:03:11 +0100
committer: GitHub <noreply@github.com> 2023-03-07 23:03:11 +0100
commit: 646ddfd85a3a51f57d1e2fd8e8b79667490546ec (patch)
tree: 0b0dd2dc77b62295ddc0b3e71caf886d58d5f67e
parent: f2925e61833d5d39065c80d131d096870c8e3199 (diff)
parent: c01d732693db93fc9b0401fda9579dc01dc4b5d7 (diff)
download: libexpat-git-646ddfd85a3a51f57d1e2fd8e8b79667490546ec.tar.gz
8 files changed, 24 insertions, 0 deletions
diff --git a/.github/workflows/autotools-cmake.yml b/.github/workflows/autotools-cmake.yml
index ae33934a..0d8311c0 100644
--- a/.github/workflows/autotools-cmake.yml
+++ b/.github/workflows/autotools-cmake.yml
@@ -35,6 +35,9 @@ on:
   schedule:
     - cron: '0 2 * * 5'  # Every Friday at 2am
 
+permissions:
+  contents: read
+
 jobs:
   checks:
     name: Ensure that GNU Autotools and CMake build systems agree
diff --git a/.github/workflows/cmake-required-version.yml b/.github/workflows/cmake-required-version.yml
index 33a958ee..04b0fe49 100644
--- a/.github/workflows/cmake-required-version.yml
+++ b/.github/workflows/cmake-required-version.yml
@@ -35,6 +35,9 @@ on:
   schedule:
     - cron: '0 2 * * 5'  # Every Friday at 2am
 
+permissions:
+  contents: read
+
 jobs:
   checks:
     name: Ensure realistic minimum CMake version requirement
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index e56dbc71..3b29d4af 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -35,6 +35,9 @@ on:
   schedule:
     - cron: '0 2 * * 5'  # Every Friday at 2am
 
+permissions:
+  contents: read
+
 jobs:
   checks:
     name: Collect test coverage
diff --git a/.github/workflows/cppcheck.yml b/.github/workflows/cppcheck.yml
index cab9bcb4..346b9afa 100644
--- a/.github/workflows/cppcheck.yml
+++ b/.github/workflows/cppcheck.yml
@@ -35,6 +35,9 @@ on:
   schedule:
     - cron: '0 2 * * 5'  # Every Friday at 2am
 
+permissions:
+  contents: read
+
 jobs:
   checks:
     name: Run Cppcheck
diff --git a/.github/workflows/expat_config_h.yml b/.github/workflows/expat_config_h.yml
index f77e47ab..272e4b44 100644
--- a/.github/workflows/expat_config_h.yml
+++ b/.github/workflows/expat_config_h.yml
@@ -35,6 +35,9 @@ on:
   schedule:
     - cron: '0 2 * * 5'  # Every Friday at 2am
 
+permissions:
+  contents: read
+
 jobs:
   checks:
     name: Check expat_config.h.{in,cmake} for regressions
diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
index 4cfd30a6..a403eb79 100644
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@@ -35,6 +35,9 @@ on:
   schedule:
     - cron: '0 2 * * 5'  # Every Friday at 2am
 
+permissions:
+  contents: read
+
 jobs:
   checks:
     name: Perform checks
diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
index cd5cf621..5b355ae8 100644
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@@ -35,6 +35,9 @@ on:
   schedule:
     - cron: '0 2 * * 5'  # Every Friday at 2am
 
+permissions:
+  contents: read
+
 jobs:
   checks:
     name: Perform checks
diff --git a/.github/workflows/valid-xml.yml b/.github/workflows/valid-xml.yml
index 2dcdec14..f9c0356e 100644
--- a/.github/workflows/valid-xml.yml
+++ b/.github/workflows/valid-xml.yml
@@ -35,6 +35,9 @@ on:
   schedule:
     - cron: '0 2 * * 5'  # Every Friday at 2am
 
+permissions:
+  contents: read
+
 jobs:
   checks:
     name: Ensure well-formed and valid XML
author	Sebastian Pipping <sebastian@pipping.org>	2023-03-07 23:03:11 +0100
committer	GitHub <noreply@github.com>	2023-03-07 23:03:11 +0100
commit	646ddfd85a3a51f57d1e2fd8e8b79667490546ec (patch)
tree	0b0dd2dc77b62295ddc0b3e71caf886d58d5f67e
parent	f2925e61833d5d39065c80d131d096870c8e3199 (diff)
parent	c01d732693db93fc9b0401fda9579dc01dc4b5d7 (diff)
download	libexpat-git-646ddfd85a3a51f57d1e2fd8e8b79667490546ec.tar.gz