ci: explicit permissions on actions (#326)

2025-12-08 08:06:29 +00:00 · 2025-07-23 01:45:38 +12:00
parent f39668cedc
commit 502f641bbb
3 changed files with 10 additions and 0 deletions
--- a/.github/workflows/check-dist.yml
+++ b/.github/workflows/check-dist.yml
@@ -16,6 +16,10 @@ on:
      - '**.md'
  workflow_dispatch:

+permissions:
+  contents: read
+  actions: write
+
 jobs:
  check-dist:
    runs-on: ubuntu-latest
--- a/.github/workflows/start.yml
+++ b/.github/workflows/start.yml
@@ -14,6 +14,9 @@ defaults:
  run:
    shell: bash

+permissions:
+  contents: read
+
 jobs:
  e2e: # make sure the action works on a clean machine without building
    runs-on: ubuntu-latest
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -5,6 +5,9 @@ on: # rebuild any PRs and main branch changes
    branches:
      - main

+permissions:
+  contents: read
+
 defaults:
  run:
    shell: bash