diff options
author | Diogo Teles Sant'Anna <diogoteles@google.com> | 2023-03-06 14:26:11 +0000 |
---|---|---|
committer | Azat Khuzhin <a3at.mail@gmail.com> | 2023-03-06 21:18:59 +0100 |
commit | 99a4b1a7865fdfb965868901701463b1a0ee7174 (patch) | |
tree | 8adc19230fc8ebaf2a599c7dd78a1a8b02f04a1c /.github/workflows/master.yml | |
parent | 6bfa58055919a12acec070cdecef1bfb69f4e4d2 (diff) | |
download | libevent-99a4b1a7865fdfb965868901701463b1a0ee7174.tar.gz |
ci: set minimal permissions on GitHub Actions
Change made by setting top-level read-only permisisons, and any
other necessary permissions set as job-level.
Closes #1421
Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
Diffstat (limited to '.github/workflows/master.yml')
-rw-r--r-- | .github/workflows/master.yml | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index 8f6c7b72..006daed7 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -6,8 +6,13 @@ on: branches: - master +permissions: read-all + jobs: coverage-job: + permissions: + checks: write # for coverallsapp/github-action to create new checks + contents: read # for actions/checkout to fetch code runs-on: ubuntu-18.04 steps: - uses: actions/checkout@v2.0.0 @@ -49,6 +54,8 @@ jobs: name: coverage-build path: build abi-job: + permissions: + contents: write # for Git to git push runs-on: ubuntu-18.04 ## TODO: use docker image, but for now this is not possible without hacks ## due to even public registry require some authentication: @@ -112,6 +119,8 @@ jobs: path: /tmp/le-abi-root/work/abi-check doxygen-job: + permissions: + contents: write # for Git to git push runs-on: ubuntu-18.04 strategy: fail-fast: false |