diff options
author | Evgeny Vereshchagin <evvers@ya.ru> | 2021-11-13 22:34:04 +0000 |
---|---|---|
committer | Frantisek Sumsal <frantisek@sumsal.cz> | 2021-11-14 10:41:06 +0000 |
commit | e7a966915dde2c6f25a5e7a06a4a637b04b89781 (patch) | |
tree | 7f82043f1bde10262d0ddbec683410e58679d6fe /.github/workflows/coverity.yml | |
parent | 10b1c3cd24f5f95e6e72caebdd6896e2eaf8b853 (diff) | |
download | systemd-e7a966915dde2c6f25a5e7a06a4a637b04b89781.tar.gz |
ci: mimic the "restricted" mode
Judging by https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
it should be enough to grant the "read contents" permission to
most of our actions. The "read metadata" permission is set impliciclty
somewhere and can't be set via the "permissions" setting:
```
The workflow is not valid. .github/workflows/linter.yml (Line: 14, Col: 3): Unexpected value 'metadata'
```
Diffstat (limited to '.github/workflows/coverity.yml')
-rw-r--r-- | .github/workflows/coverity.yml | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 7b1d1217f3..a164d16fbf 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -9,7 +9,8 @@ on: # Run Coverity daily at midnight - cron: '0 0 * * *' -permissions: read-all +permissions: + contents: read jobs: build: |