author | StepSecurity Bot <bot@stepsecurity.io> | 2022-11-25 11:14:05 +0000 |
---|---|---|
committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2022-11-28 11:42:40 +0900 |
commit | 595f3063f01ce25122b6d1ae452720b0ec58e86d (patch) | |
tree | 4b5bab45c4b2d26faa5dbb421030375dd148dbe4 /.github/workflows/bundled_gems.yml | |
parent | e3de7230434d5c78cc06d40893b5d7cf41e7e89c (diff) | |
download | ruby-595f3063f01ce25122b6d1ae452720b0ec58e86d.tar.gz |
[StepSecurity] ci: Harden GitHub Actions
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Diffstat (limited to '.github/workflows/bundled_gems.yml')
-rw-r--r-- | .github/workflows/bundled_gems.yml | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/.github/workflows/bundled_gems.yml b/.github/workflows/bundled_gems.yml index 034327b356..942988c7d8 100644 --- a/.github/workflows/bundled_gems.yml +++ b/.github/workflows/bundled_gems.yml @@ -13,8 +13,13 @@ on: - cron: '45 6 * * *' workflow_dispatch: +permissions: # added using https://github.com/step-security/secure-workflows + contents: read + jobs: update: + permissions: + contents: write # for Git to git push if: ${{ github.event_name != 'schedule' || github.repository == 'ruby/ruby' }} name: update ${{ github.workflow }} runs-on: ubuntu-latest |
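Review bot: In the `update` job, the new job-level `permissions:` block lists only `contents: write`, so every other token scope is set to none for that job, and the write grant applies to all of its steps rather than only the one that pushes. Please confirm that no step in `update` needs another scope (the steps are outside this hunk), and consider rewording `# for Git to git push` to name the step that pushes. The top-level comment `# added using https://github.com/step-security/secure-workflows` records the tool rather than the intent; a short note that `contents: read` is the default for any job without its own `permissions:` block would help future editors.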