From 2a4b03d794decfeb6fb0a73801f6c4653b0217e3 Mon Sep 17 00:00:00 2001
From: Alex
Date: Mon, 26 Sep 2022 13:12:37 +0200
Subject: [PATCH 1/3] build: harden phpstan.yml permissions
Signed-off-by: Alex
---
 .github/workflows/phpstan.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/phpstan.yml b/.github/workflows/phpstan.yml
index 65e9a6427b..30948c7c5b 100644
--- a/.github/workflows/phpstan.yml
+++ b/.github/workflows/phpstan.yml
@@ -12,6 +12,9 @@ on:
 # Allow manually triggering the workflow.
 workflow_dispatch:
 
+permissions:
+ contents: read # to fetch code (actions/checkout)
+
 jobs:
 phpstan:
 name: "PHP: 7.4 | PHPStan"
From 14cdeb9682064acb13ce5895482e0d56a05ee054 Mon Sep 17 00:00:00 2001
From: Alex
Date: Mon, 26 Sep 2022 13:13:37 +0200
Subject: [PATCH 2/3] build: harden test.yml permissions
Signed-off-by: Alex
---
 .github/workflows/test.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 04c7cba00a..605cf33416 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -12,6 +12,9 @@ on:
 # Allow manually triggering the workflow.
 workflow_dispatch:
 
+permissions:
+ contents: read # to fetch code (actions/checkout)
+
 jobs:
 build:
 runs-on: ubuntu-latest
From 5397ca17aa1d583efe12a612b23d401968efcb13 Mon Sep 17 00:00:00 2001
From: Alex
Date: Mon, 26 Sep 2022 13:14:21 +0200
Subject: [PATCH 3/3] build: harden validate.yml permissions
Signed-off-by: Alex
---
 .github/workflows/validate.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index 887b9c2b7b..d868179d92 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -12,6 +12,9 @@ on:
 # Allow manually triggering the workflow.
 workflow_dispatch:
 
+permissions:
+ contents: read # to fetch code (actions/checkout)
+
 jobs:
 checkxml:
 name: Check XML files
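Review bot: The inline comment on `contents: read` in phpstan.yml says why that scope is granted but not what the block removes: a workflow-level `permissions:` key leaves every scope not listed (other than metadata) at `none` for all jobs in the file, and the identical hunks in test.yml and validate.yml have the same gap. The job steps lie outside each hunk, so whether any step relies on another GITHUB_TOKEN scope cannot be confirmed from here and should be checked on a run of each workflow. I would add a line above the key, `# Least privilege: scopes not listed here are 'none'; grant extras per job, not workflow-wide.`, so that a later contributor who needs more access widens a single job rather than the whole workflow.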