build: harden CICD.yml permissions

Signed-off-by: Alex <[email protected]>
uutils · Sep 25, 2022 · 1138c90 · 1138c90
1 parent b182f81
commit 1138c90
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/.github/workflows/CICD.yml b/.github/workflows/CICD.yml
@@ -17,6 +17,9 @@ env:
 
 on: [push, pull_request]
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   cargo-deny:
     name: Style/cargo-deny
@@ -532,6 +535,9 @@ jobs:
         path: size-result.json
 
   build:
+    permissions:
+      contents: write # to create GitHub release (softprops/action-gh-release)
+
     name: Build
     needs: [ min_version, deps ]
     runs-on: ${{ matrix.job.os }}