ci: harden permissions for GitHub Workflows (#11174)

* build: harden main.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> * build: harden project.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> * Update project.yml The permissions are not necessary, because a separate token is used `GITHUB_TOKEN: ${{ secrets.PROJECT_TOKEN }}`

ci: harden permissions for GitHub Workflows (#11174)
065f5ffc · Alex · GitHub · f52b3c67 · 065f5ffc · 065f5ffc
Unverified Commit 065f5ffc authored Oct 07, 2022 by Alex Committed by GitHub Oct 07, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

main.yml .github/workflows/main.yml +3 -0

project.yml .github/workflows/project.yml +1 -0

No files found.
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -14,6 +14,9 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
  tests:
    name: Run tests

--- a/.github/workflows/project.yml
+++ b/.github/workflows/project.yml
@@ -9,6 +9,7 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

+permissions: {}
 jobs:
  add-to-project:
    name: Add to project