chore: GitHub Workflows security hardening (#1209)

* build: harden node.js.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> * build: harden npm_publish.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> --------- Signed-off-by: Alex <aleksandrosansan@gmail.com>
typicode · Apr 29, 2023 · 08fedc2 · 08fedc2
1 parent 622e4db
commit 08fedc2
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
@@ -4,6 +4,9 @@ name: Node.js CI
 
 on: [push]
 
+permissions:
+  contents: read  #  to fetch code (actions/checkout)
+
 jobs:
   lint:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/npm_publish.yml b/.github/workflows/npm_publish.yml
@@ -6,6 +6,9 @@ on:
   release:
     types: [created]
 
+permissions:
+  contents: read  #  to fetch code (actions/checkout)
+
 jobs:
   build:
     runs-on: ubuntu-latest