Add specific permissions to workflows under .github/workflows (#704)

* Restrict permissions for the GITHUB_TOKEN in .github/workflows/release.yml

* Restrict permissions for the GITHUB_TOKEN in .github/workflows/test.yml

Co-authored-by: Step Security <bot@stepsecurity.io>
This commit is contained in:
Varun Sharma 2022-02-19 19:53:11 -08:00 committed by GitHub
parent 496b2c02c5
commit 22e46b846c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 0 deletions

View file

@ -21,6 +21,8 @@ on:
- ".github/workflows/*.yml"
jobs:
build:
permissions:
contents: write
strategy:
matrix:
# Include amd64 on all platforms.

View file

@ -19,6 +19,8 @@ on:
jobs:
test:
permissions:
contents: read
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false