From 9e3ce3f3a49d30bd372eac461a6199436e8f1d22 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Guillot?=
Date: Wed, 19 Jan 2022 21:38:54 -0800
Subject: [PATCH] Set read-all permission to GITHUB_TOKEN for CI jobs
---
 .github/workflows/ci.yml | 2 ++
 .github/workflows/codeql-analysis.yml | 2 ++
 .github/workflows/docker.yml | 1 +
 .github/workflows/linters.yml | 2 ++
 4 files changed, 7 insertions(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e408a42b..4f93a24e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,4 +1,6 @@
 name: CI Workflow
+permissions: read-all
+
 on:
 pull_request:
 branches:
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index cda7faf3..af1272e5 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -11,6 +11,8 @@
 #
 name: "CodeQL"
+permissions: read-all
+
 on:
 push:
 branches: [ master ]
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 2a7aa5ca..ad4751fc 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -1,4 +1,5 @@
 name: Docker
+permissions: read-all
 on:
 schedule:
 - cron: '0 1 * * *'
diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml
index a837112c..b952adc7 100644
--- a/.github/workflows/linters.yml
+++ b/.github/workflows/linters.yml
@@ -1,4 +1,6 @@
 name: Linters
+permissions: read-all
+
 on:
 pull_request:
 branches:
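Review bot: `permissions: read-all` at the top of ci.yml gives GITHUB_TOKEN read access to every scope, which is broader than a pull-request test run usually needs; the same line is added to linters.yml. If these jobs only check out and build the code, a workflow-level `permissions:` block with the single entry `contents: read` would be the tighter default, with any further scope granted per job. The job definitions lie outside the hunk, so confirm that no step reads another scope before narrowing.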
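Review bot: The workflow-level `permissions: read-all` in codeql-analysis.yml leaves the `security-events` scope read-only, while the CodeQL analyze step needs write access to that scope to upload its results. Unless the analysis job, which is outside this hunk, declares its own `permissions:` block, runs triggered by a push to master will probably fail at the upload step. A job-level block with `security-events: write` plus `contents: read` (and `actions: read` for private repositories) would keep the read-only default while letting the scan report.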
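Review bot: In docker.yml the added `permissions: read-all` makes the token read-only for the whole scheduled workflow, which matters if a job publishes images to GitHub Container Registry using GITHUB_TOKEN. The job steps are not part of this hunk; if one of them logs in to ghcr.io with that token, the push will be rejected until the job gets its own `permissions:` block with `packages: write` and `contents: read`. If every registry login uses a separate secret, the workflow-level setting is enough as written.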