Merge pull request #6680 from libgit2/ethomson/actions

actions: set permissions
2026-06-22 06:26:26 +00:00 · 2023-12-14 21:55:33 +00:00
parent d1bdf2a8b9 87b1bf80f3
commit b4e84a760c
3 changed files with 14 additions and 0 deletions
--- a/.github/workflows/benchmark.yml
+++ b/.github/workflows/benchmark.yml
@@ -6,6 +6,9 @@ on:
  schedule:
  - cron: '15 4 * * *'

+permissions:
+  contents: read
+
 jobs:
  # Run our nightly builds.  We build a matrix with the various build
  # targets and their details.  Then we build either in a docker container
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -13,6 +13,9 @@ env:
  docker-registry: ghcr.io
  docker-config-path: source/ci/docker

+permissions:
+  contents: read
+
 jobs:
  containers:
    uses: ./.github/workflows/build-containers.yml
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -10,6 +10,9 @@ env:
  docker-registry: ghcr.io
  docker-config-path: source/ci/docker

+permissions:
+  contents: read
+
 jobs:
  # Run our nightly builds.  We build a matrix with the various build
  # targets and their details.  Then we build either in a docker container
@@ -385,6 +388,11 @@ jobs:
    # from using build minutes on their forks.
    if: github.repository == 'libgit2/libgit2'

+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
    name: CodeQL
    runs-on: ubuntu-latest
    steps: