Set github actions permissions

As suggested by OpenSSF restrict actions permission as needed. Our actions only need read access to checkout the repo. Signed-off-by: Marcus Brandenburger <[email protected]>
hyperledger · May 16, 2024 · 171d000 · 171d000
1 parent 3ee9e20
commit 171d000
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
@@ -10,7 +10,8 @@ on:
 defaults:
   run:
     shell: bash
-permissions: {}
+permissions:
+  contents: read
 jobs:
   check-md-only:
     name: This job was triggered

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -12,6 +12,10 @@ on:
      paths-ignore: 
        - '**.md'
        - '.github/workflows/**'
+
+permissions:
+  contents: read
+
 env:
   DOCKER_REGISTRY: 'ghcr.io'
   PUSH_TO_MAIN: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}