From eace2033a1e63a61bb184cabf0f65b487383bee3 Mon Sep 17 00:00:00 2001 From: Jason Dent Date: Tue, 5 Apr 2022 12:20:28 +0200 Subject: [PATCH] Limit permissions on more workflows --- .github/workflows/cspell-action.yml | 3 +++ .github/workflows/integration-test.yml | 3 +++ .github/workflows/update-dependencies.yml | 3 +++ .github/workflows/update-integration-snapshots.yml | 3 +++ 4 files changed, 12 insertions(+) diff --git a/.github/workflows/cspell-action.yml b/.github/workflows/cspell-action.yml index b2858d14249..ef41a545d01 100644 --- a/.github/workflows/cspell-action.yml +++ b/.github/workflows/cspell-action.yml @@ -5,6 +5,9 @@ on: branches: - main +permissions: + contents: read + jobs: cspell: runs-on: ubuntu-latest diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml index 2ff263e2554..3a8ba2954a9 100644 --- a/.github/workflows/integration-test.yml +++ b/.github/workflows/integration-test.yml @@ -21,6 +21,9 @@ on: # Run on demand workflow_dispatch: +permissions: + contents: read + jobs: integration-tests: runs-on: ${{ matrix.os }} diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml index e820076cdbc..a5ad1edc446 100644 --- a/.github/workflows/update-dependencies.yml +++ b/.github/workflows/update-dependencies.yml @@ -17,6 +17,9 @@ on: schedule: - cron: "0 12 * * 0" +permissions: + contents: read + jobs: update-dependencies: if: github.repository_owner == 'streetsidesoftware' diff --git a/.github/workflows/update-integration-snapshots.yml b/.github/workflows/update-integration-snapshots.yml index 66d3f193ef9..f4a11baa0aa 100644 --- a/.github/workflows/update-integration-snapshots.yml +++ b/.github/workflows/update-integration-snapshots.yml @@ -5,6 +5,9 @@ on: schedule: - cron: "0 8 * * 1" # Monday at 8 UTC +permissions: + contents: read + jobs: update: if: github.repository_owner == 'streetsidesoftware'