ci: add GitHub token permissions for workflows

author Varun Sharma <varunsh@stepsecurity.io>

Sat, 9 Jul 2022 14:03:23 +0000 (07:03 -0700)

committer Pauli <pauli@openssl.org>

Wed, 13 Jul 2022 00:21:19 +0000 (10:21 +1000)
author Varun Sharma <varunsh@stepsecurity.io>
Sat, 9 Jul 2022 14:03:23 +0000 (07:03 -0700)
committer Pauli <pauli@openssl.org>
Wed, 13 Jul 2022 00:21:19 +0000 (10:21 +1000)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml

index ad264ae8fb1faa9aeffd12ced6ebfb81d4e4a479..0c47c11d4fc4df7e0604d7d898882f297e02ee3f 100644 (file)
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -13,6 +13,9 @@ on: [pull_request, push]
  # before_script:
  #     - make="make -s"
  
+permissions:
+  contents: read
+
  jobs:
    check_update:
      runs-on: ubuntu-latest
diff --git a/.github/workflows/cross-compiles.yml b/.github/workflows/cross-compiles.yml

index e40bcf58523883d5adee6b8189fd33c30d7ec7fe..91f2f81cdc098d4fd11fda4f49717e044ab28cc5 100644 (file)
--- a/.github/workflows/cross-compiles.yml
+++ b/.github/workflows/cross-compiles.yml
@@ -3,6 +3,9 @@ name: Cross Compile for 1.1.1
  
  on: [pull_request, push]
  
+permissions:
+  contents: read
+
  jobs:
    cross-compilation:
      strategy:
diff --git a/.github/workflows/run-checker-ci.yml b/.github/workflows/run-checker-ci.yml

index ec208578ab8537484e19ca5cb959e816ab1c01f8..6edbaacdbe8ff58cf4d50ffc18f20e784f3f8b99 100644 (file)
--- a/.github/workflows/run-checker-ci.yml
+++ b/.github/workflows/run-checker-ci.yml
@@ -2,6 +2,9 @@
  name: Run-checker CI for 1.1.1
  # Jobs run per pull request submission
  on: [pull_request, push]
+permissions:
+  contents: read
+
  jobs:
    run-checker:
      strategy:
diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml

index e335b87b319aef2a6d576ddd405cbfe7bc120cf9..1f68644d1a2de366a67517bceb9a705bc7fb0199 100644 (file)
--- a/.github/workflows/run-checker-daily.yml
+++ b/.github/workflows/run-checker-daily.yml
@@ -4,7 +4,10 @@ name: Run-checker daily for 1.1.1
  
  on:
    schedule:
-  - cron: '42 6 * * *'
+    - cron: '42 6 * * *'
+permissions:
+  contents: read
+
  jobs:
    run-checker:
      strategy:
diff --git a/.github/workflows/run-checker-merge.yml b/.github/workflows/run-checker-merge.yml

index ff2d666b6da2b78709d22a2b51d63ff5b57de77e..30254fa7ec0942b3d42966233050418848f1461c 100644 (file)
--- a/.github/workflows/run-checker-merge.yml
+++ b/.github/workflows/run-checker-merge.yml
@@ -3,6 +3,9 @@ name: Run-checker merge for 1.1.1
  # Jobs run per merge to 1.1.1
  
  on: [push]
+permissions:
+  contents: read
+
  jobs:
    run-checker:
      strategy:
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml

index 6f1b50552eea55ff3615eb1aa8c6ae4524973298..c6bf00a6c3ca4207e4285998d621a7756331cf6b 100644 (file)
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -3,6 +3,9 @@ name: Windows GitHub CI for 1.1.1
  
  on: [pull_request, push]
  
+permissions:
+  contents: read
+
  jobs:
    shared:
      # Run a job for each of the specified target architectures:
author	Varun Sharma <varunsh@stepsecurity.io>
	Sat, 9 Jul 2022 14:03:23 +0000 (07:03 -0700)
committer	Pauli <pauli@openssl.org>
	Wed, 13 Jul 2022 00:21:19 +0000 (10:21 +1000)
.github/workflows/ci.yml		patch \| blob \| history
.github/workflows/cross-compiles.yml		patch \| blob \| history
.github/workflows/run-checker-ci.yml		patch \| blob \| history
.github/workflows/run-checker-daily.yml		patch \| blob \| history
.github/workflows/run-checker-merge.yml		patch \| blob \| history
.github/workflows/windows.yml		patch \| blob \| history