Skip to content

Commit

Permalink
security: add permissions block to GH workflows (#202)
Browse files Browse the repository at this point in the history 
We want to set the default permissions for workflows to read-only for contents.

This is a security measure to prevent accidental changes to the repository.

This change adds a top-level permissions block to all workflows in the .github/workflows directory.
  • Loading branch information
@reakaleek
reakaleek authored Feb 22, 2024
1 parent 92fd1d4 commit 5327ef7
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .github/workflows/changelog.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@ on:
branches:
- main

permissions:
contents: read

jobs:
check:
if: "!contains(github.event.pull_request.labels.*.name, 'skip-changelog')"
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/go.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@ on:
branches:
- main

permissions:
contents: read

jobs:
check:
runs-on: ubuntu-latest
Expand Down

0 comments on commit 5327ef7

Please sign in to comment.