diff options
author | Varun Sharma <varunsh@stepsecurity.io> | 2022-07-09 07:03:23 -0700 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2022-07-13 10:21:19 +1000 |
commit | d94f8aa38570b459601a9b69793c73f1f369a516 (patch) | |
tree | c48a426a7debc16860c55abfd8ffb6c0ded052d5 | |
parent | c3efe5c96128d699f0884128ce905906bc28ed34 (diff) |
ci: add GitHub token permissions for workflows
Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18766)
(cherry picked from commit c6e7f427c82dfa17416a39af7661c40162d57aaf)
(cherry picked from commit 90d6e6a3d5d30c3df4edf4a6430472c3eeb7d7a7)
-rw-r--r-- | .github/workflows/ci.yml | 3 | ||||
-rw-r--r-- | .github/workflows/cross-compiles.yml | 3 | ||||
-rw-r--r-- | .github/workflows/run-checker-ci.yml | 3 | ||||
-rw-r--r-- | .github/workflows/run-checker-daily.yml | 5 | ||||
-rw-r--r-- | .github/workflows/run-checker-merge.yml | 3 | ||||
-rw-r--r-- | .github/workflows/windows.yml | 3 |
6 files changed, 19 insertions, 1 deletions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ad264ae8fb..0c47c11d4f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,6 +13,9 @@ on: [pull_request, push] # before_script: # - make="make -s" +permissions: + contents: read + jobs: check_update: runs-on: ubuntu-latest diff --git a/.github/workflows/cross-compiles.yml b/.github/workflows/cross-compiles.yml index e40bcf5852..91f2f81cdc 100644 --- a/.github/workflows/cross-compiles.yml +++ b/.github/workflows/cross-compiles.yml @@ -3,6 +3,9 @@ name: Cross Compile for 1.1.1 on: [pull_request, push] +permissions: + contents: read + jobs: cross-compilation: strategy: diff --git a/.github/workflows/run-checker-ci.yml b/.github/workflows/run-checker-ci.yml index ec208578ab..6edbaacdbe 100644 --- a/.github/workflows/run-checker-ci.yml +++ b/.github/workflows/run-checker-ci.yml @@ -2,6 +2,9 @@ name: Run-checker CI for 1.1.1 # Jobs run per pull request submission on: [pull_request, push] +permissions: + contents: read + jobs: run-checker: strategy: diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml index e335b87b31..1f68644d1a 100644 --- a/.github/workflows/run-checker-daily.yml +++ b/.github/workflows/run-checker-daily.yml @@ -4,7 +4,10 @@ name: Run-checker daily for 1.1.1 on: schedule: - - cron: '42 6 * * *' + - cron: '42 6 * * *' +permissions: + contents: read + jobs: run-checker: strategy: diff --git a/.github/workflows/run-checker-merge.yml b/.github/workflows/run-checker-merge.yml index ff2d666b6d..30254fa7ec 100644 --- a/.github/workflows/run-checker-merge.yml +++ b/.github/workflows/run-checker-merge.yml @@ -3,6 +3,9 @@ name: Run-checker merge for 1.1.1 # Jobs run per merge to 1.1.1 on: [push] +permissions: + contents: read + jobs: run-checker: strategy: diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 6f1b50552e..c6bf00a6c3 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -3,6 +3,9 @@ name: Windows GitHub CI for 1.1.1 on: [pull_request, push] +permissions: + contents: read + jobs: shared: # Run a job for each of the specified target architectures: |