forked from extern/ohmyzsh
ci: harden permissions for GitHub Workflows (#11174)
* build: harden main.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> * build: harden project.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> * Update project.yml The permissions are not necessary, because a separate token is used `GITHUB_TOKEN: ${{ secrets.PROJECT_TOKEN }}`
This commit is contained in:
parent
f52b3c6716
commit
065f5ffc5a
3
.github/workflows/main.yml
vendored
3
.github/workflows/main.yml
vendored
@ -14,6 +14,9 @@ concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
||||
cancel-in-progress: true
|
||||
|
||||
permissions:
|
||||
contents: read # to fetch code (actions/checkout)
|
||||
|
||||
jobs:
|
||||
tests:
|
||||
name: Run tests
|
||||
|
1
.github/workflows/project.yml
vendored
1
.github/workflows/project.yml
vendored
@ -9,6 +9,7 @@ concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
||||
cancel-in-progress: true
|
||||
|
||||
permissions: {}
|
||||
jobs:
|
||||
add-to-project:
|
||||
name: Add to project
|
||||
|
Loading…
Reference in New Issue
Block a user