Skip to content

Commit

Permalink
ci: GitHub Workflows security hardening (#5405)
Browse files Browse the repository at this point in the history 
* build: harden ci.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>

* build: harden update-latest.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>

Signed-off-by: Alex <aleksandrosansan@gmail.com>
  • Loading branch information
@sashashura
sashashura committed Sep 24, 2022
1 parent 50c6f11 commit 54540b1
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .github/workflows/ci.yml
View file
Expand Up @@ -2,6 +2,9 @@ name: CI

on: [push, pull_request]

permissions:
contents: read # to fetch code (actions/checkout)

jobs:
build:
strategy:
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/update-latest.yml
View file
Expand Up @@ -11,6 +11,7 @@ on:
default: latest
required: true

permissions: {}
jobs:
build:
name: Tagging ${{ github.event.inputs.version }} as ${{ github.event.inputs.tag }}
Expand Down

0 comments on commit 54540b1

Please sign in to comment.