From e0294dab507c0391f3ab5973185b4fedb0d00e27 Mon Sep 17 00:00:00 2001
From: Alex
Date: Thu, 29 Sep 2022 08:44:28 +0300
Subject: [PATCH] GitHub Workflows security hardening (#6472)
* build: harden action_tools.yml permissions
Signed-off-by: Alex
* build: harden action.yml permissions
Signed-off-by: Alex
* build: harden action_utest.yml permissions
Signed-off-by: Alex
Signed-off-by: Alex
---
 .github/workflows/action.yml | 3 +++
 .github/workflows/action_tools.yml | 3 +++
 .github/workflows/action_utest.yml | 3 +++
 3 files changed, 9 insertions(+)
diff --git a/.github/workflows/action.yml b/.github/workflows/action.yml
index e48dd9b6b1..ef3b1f59fb 100644
--- a/.github/workflows/action.yml
+++ b/.github/workflows/action.yml
@@ -21,6 +21,9 @@ on:
 - '**/README.md'
 - '**/README_zh.md'
 
+permissions:
+ contents: read # to fetch code (actions/checkout)
+
 jobs:
 build:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/action_tools.yml b/.github/workflows/action_tools.yml
index 64f8299c26..09cf71e26a 100644
--- a/.github/workflows/action_tools.yml
+++ b/.github/workflows/action_tools.yml
@@ -27,6 +27,9 @@ on:
 - '**/*.h'
 - '**/*.cpp'
 
+permissions:
+ contents: read # to fetch code (actions/checkout)
+
 jobs:
 test:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/action_utest.yml b/.github/workflows/action_utest.yml
index 1cf4be1220..c84fe004e0 100644
--- a/.github/workflows/action_utest.yml
+++ b/.github/workflows/action_utest.yml
@@ -21,6 +21,9 @@ on:
 - '**/README.md'
 - '**/README_zh.md'
 
+permissions:
+ contents: read # to fetch code (actions/checkout)
+
 jobs:
 test:
 runs-on: ubuntu-latest
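Review bot: The comment on the added `permissions:` block in action.yml (and on the identical blocks in action_tools.yml and action_utest.yml) explains why `contents: read` is granted, but not that a workflow-level block leaves every other GITHUB_TOKEN scope (apart from metadata) with no access. The `jobs:` bodies continue outside all three hunks, so it cannot be checked from here whether any step relies on another scope; one that does would start failing with a permission error and would need a job-level `permissions:` override rather than a wider workflow-level grant. I would put a line above each block such as `# least privilege: scopes not listed here are none; grant extra scopes per job only where a step needs them`. As a follow-up, if these jobs call actions/checkout with its defaults (not visible here), setting `persist-credentials: false` on that step would keep the token out of the checked-out repository's git config for the build steps that run afterwards.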