forked from extern/ohmyzsh
ci: harden permissions for GitHub Workflows (#11174)
* build: harden main.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> * build: harden project.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> * Update project.yml The permissions are not necessary, because a separate token is used `GITHUB_TOKEN: ${{ secrets.PROJECT_TOKEN }}`
This commit is contained in:
parent
f52b3c6716
commit
065f5ffc5a
3
.github/workflows/main.yml
vendored
3
.github/workflows/main.yml
vendored
@ -14,6 +14,9 @@ concurrency:
|
|||||||
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
||||||
cancel-in-progress: true
|
cancel-in-progress: true
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read # to fetch code (actions/checkout)
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
tests:
|
tests:
|
||||||
name: Run tests
|
name: Run tests
|
||||||
|
1
.github/workflows/project.yml
vendored
1
.github/workflows/project.yml
vendored
@ -9,6 +9,7 @@ concurrency:
|
|||||||
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
||||||
cancel-in-progress: true
|
cancel-in-progress: true
|
||||||
|
|
||||||
|
permissions: {}
|
||||||
jobs:
|
jobs:
|
||||||
add-to-project:
|
add-to-project:
|
||||||
name: Add to project
|
name: Add to project
|
||||||
|
Loading…
Reference in New Issue
Block a user