From 9d4973e00260f0472bc638b4e32478bfb58f0a61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Montgomery=20Edwards=E2=81=B4=E2=81=B4=E2=81=B8?= <57072051+x448@users.noreply.github.com> Date: Sat, 14 May 2022 22:24:45 -0500 Subject: [PATCH 1/2] Update ci.yml Revoke default permissions. Grant minimum required permission for CI job. --- .github/workflows/ci.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 096afe74..facc97a2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,6 +2,10 @@ # https://github.com/fxamacker/cbor/workflows/ci.yml # See ci-go-cover.yml for coverage and safer-golangci-lint.yml for linting. name: ci + +# Revoke default permissions. +permissions: {} + on: workflow_dispatch: pull_request: @@ -16,6 +20,8 @@ jobs: tests: name: Test on ${{matrix.os}} runs-on: ${{ matrix.os }} + permissions: + contents: read strategy: matrix: os: [macos-latest, ubuntu-latest, windows-latest] @@ -25,6 +31,7 @@ jobs: uses: actions/setup-go@v3 with: go-version: ${{ matrix.go-version }} + check-latest: true - name: Checkout code uses: actions/checkout@v3 From 93a6d16951aa489cdad36143c8d2099b8920851d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Montgomery=20Edwards=E2=81=B4=E2=81=B4=E2=81=B8?= <57072051+x448@users.noreply.github.com> Date: Sat, 14 May 2022 22:35:46 -0500 Subject: [PATCH 2/2] Update ci.yml Add Go version to test names: name: test ${{matrix.os}} go-${{ matrix.go-version }} --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index facc97a2..95f1ee64 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,7 +18,7 @@ on: jobs: # Test on various OS with default Go version. tests: - name: Test on ${{matrix.os}} + name: test ${{matrix.os}} go-${{ matrix.go-version }} runs-on: ${{ matrix.os }} permissions: contents: read