From 503e7ab52a366165c666afe103a6c92dd8f9223f Mon Sep 17 00:00:00 2001 From: Pedro Kaj Kjellerup Nacht Date: Wed, 15 Mar 2023 20:59:30 +0000 Subject: [PATCH] Add read-only top-level workflow permissions Signed-off-by: Pedro Kaj Kjellerup Nacht --- .github/workflows/cifuzz.yml | 3 +++ .github/workflows/release.yml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml index 30a5196098..1cf8618cb2 100644 --- a/.github/workflows/cifuzz.yml +++ b/.github/workflows/cifuzz.yml @@ -1,6 +1,9 @@ name: CIFuzz on: [pull_request] +permissions: + contents: read + concurrency: group: ${{ github.workflow }} @ ${{ github.ref }} cancel-in-progress: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0c28aaa304..260dec42bf 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,6 +12,9 @@ on: - "!*.pr*" - "!*b" +permissions: + contents: read + jobs: release: runs-on: "ubuntu-20.04"