GitHub Workflows security hardening (#10456)

* build: harden lock.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> * build: harden stale.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> * build: harden ci.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> Signed-off-by: Alex <aleksandrosansan@gmail.com>
2025-12-24 06:07:47 -06:00 · 2022-09-29 18:41:33 +03:00
parent 544d3bbbfb
commit 23b7f5e9eb
3 changed files with 12 additions and 0 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,5 +1,7 @@
 name: CI
 on: [push, pull_request]
+permissions:
+  contents: read # to fetch code (actions/checkout)
 jobs:
  build:
    runs-on: ubuntu-latest