From 20ddea311ba69a9f78cf0dda1227eb23a54f64ac Mon Sep 17 00:00:00 2001 From: Leszek Hanusz Date: Tue, 29 Oct 2024 21:14:58 +0100 Subject: [PATCH] Restrict permissions to GitHub actions --- .github/workflows/lint.yml | 3 +++ .github/workflows/tests.yml | 7 +++++++ 2 files changed, 10 insertions(+) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 86f2468b..6f1daaf7 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,5 +1,8 @@ name: Lint +permissions: + contents: read + on: [push, pull_request] jobs: diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index f67d0b6f..e53820c0 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -1,5 +1,8 @@ name: Tests +permissions: + contents: read + on: [push, pull_request] jobs: @@ -60,6 +63,10 @@ jobs: coverage: runs-on: ubuntu-24.04 + permissions: + contents: read + checks: write + steps: - uses: actions/checkout@v4 - name: Set up Python 3.12