ci: mimic the "restricted" mode

Judging by https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token it should be enough to grant the "read contents" permission to most of our actions. The "read metadata" permission is set impliciclty somewhere and can't be set via the "permissions" setting: ``` The workflow is not valid. .github/workflows/linter.yml (Line: 14, Col: 3): Unexpected value 'metadata' ```
author: Evgeny Vereshchagin <evvers@ya.ru> 2021-11-13 22:34:04 +0000
committer: Frantisek Sumsal <frantisek@sumsal.cz> 2021-11-14 10:41:06 +0000
commit: e7a966915dde2c6f25a5e7a06a4a637b04b89781 (patch)
tree: 7f82043f1bde10262d0ddbec683410e58679d6fe /.github/workflows/coverity.yml
parent: 10b1c3cd24f5f95e6e72caebdd6896e2eaf8b853 (diff)
download: systemd-e7a966915dde2c6f25a5e7a06a4a637b04b89781.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index 7b1d1217f3..a164d16fbf 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -9,7 +9,8 @@ on:
     # Run Coverity daily at midnight
     - cron:  '0 0 * * *'
 
-permissions: read-all
+permissions:
+  contents: read
 
 jobs:
   build:
author	Evgeny Vereshchagin <evvers@ya.ru>	2021-11-13 22:34:04 +0000
committer	Frantisek Sumsal <frantisek@sumsal.cz>	2021-11-14 10:41:06 +0000
commit	e7a966915dde2c6f25a5e7a06a4a637b04b89781 (patch)
tree	7f82043f1bde10262d0ddbec683410e58679d6fe /.github/workflows/coverity.yml
parent	10b1c3cd24f5f95e6e72caebdd6896e2eaf8b853 (diff)
download	systemd-e7a966915dde2c6f25a5e7a06a4a637b04b89781.tar.gz