diff options
| -rw-r--r-- | .github/workflows/build.yml | 2 | ||||
| -rw-r--r-- | .github/workflows/cifuzz.yml | 1 | ||||
| -rw-r--r-- | .github/workflows/master.yml | 9 |
3 files changed, 12 insertions, 0 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 99ec32be..b031e045 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,6 +25,8 @@ on: - 'whatsnew*' - 'LICENSE' +permissions: read-all + jobs: linux-cmake-job: runs-on: ${{ matrix.os }} diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml index e7ef4776..6c9b1828 100644 --- a/.github/workflows/cifuzz.yml +++ b/.github/workflows/cifuzz.yml @@ -11,6 +11,7 @@ on: push: branches: - master +permisisons: read-all jobs: Fuzzing: runs-on: ubuntu-latest diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index 8f6c7b72..006daed7 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -6,8 +6,13 @@ on: branches: - master +permissions: read-all + jobs: coverage-job: + permissions: + checks: write # for coverallsapp/github-action to create new checks + contents: read # for actions/checkout to fetch code runs-on: ubuntu-18.04 steps: - uses: actions/checkout@v2.0.0 @@ -49,6 +54,8 @@ jobs: name: coverage-build path: build abi-job: + permissions: + contents: write # for Git to git push runs-on: ubuntu-18.04 ## TODO: use docker image, but for now this is not possible without hacks ## due to even public registry require some authentication: @@ -112,6 +119,8 @@ jobs: path: /tmp/le-abi-root/work/abi-check doxygen-job: + permissions: + contents: write # for Git to git push runs-on: ubuntu-18.04 strategy: fail-fast: false |