
Commit 6027388

authored
Tighten workflow permissions (#2572)
1 parent 787817d commit 6027388


3 files changed

+18
-0
lines changed


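--- a/.github/workflows/cd-config.yml
+++ b/.github/workflows/cd-config.yml
@@ -9,9 +9,13 @@ on:
 - inrupt-client-[0-9]+.[0-9]+.[0-9]+.Alpha[0-9]+
 - inrupt-client-[0-9]+.[0-9]+.[0-9]+.Beta[0-9]+
 
+permissions: {}
+
 jobs:
 deployment:
 name: Deploy artifacts
+permissions:
+contents: read
 runs-on: ubuntu-latest
 environment:
 name: ${{ matrix.envName }}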
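Review bot: The new top-level `permissions: {}` carries no comment saying that it is a deliberate deny-by-default, so a job added later without its own `permissions:` block inherits a token with no scopes and may fail in a way the file does not explain. I would put a line above it such as `# Deny all GITHUB_TOKEN scopes by default; every job must declare the scopes it needs.` The same applies to the identical additions in ci-config.yml and site-ci-config.yml. The deployment job's steps lie outside the hunk, so whether `contents: read` is sufficient for them cannot be confirmed from here; it is worth checking that publishing relies on the environment's secrets rather than on write scopes of the workflow token.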

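--- a/.github/workflows/ci-config.yml
+++ b/.github/workflows/ci-config.yml
@@ -5,9 +5,13 @@ on:
 pull_request: { }
 merge_group: { }
 
+permissions: {}
+
 jobs:
 build:
 name: Java environment
+permissions:
+contents: read
 runs-on: ubuntu-latest
 strategy:
 matrix:
@@ -58,6 +62,8 @@ jobs:
 
 performance:
 name: Performance Tests
+permissions:
+contents: read
 runs-on: ubuntu-latest
 strategy:
 matrix:
@@ -79,6 +85,8 @@ jobs:
 
 documentation:
 name: Documentation Check
+permissions:
+contents: read
 runs-on: ubuntu-latest
 strategy:
 matrix:
@@ -99,6 +107,8 @@ jobs:
 
 sonar:
 name: Sonar Scan
+permissions:
+contents: read
 runs-on: ubuntu-latest
 if: ${{ github.actor != 'dependabot[bot]' }}
 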
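Review bot: The `sonar` job in the last hunk is the one most likely to need more than `contents: read`, and its steps are outside the hunk, so this cannot be confirmed from the diff. If the scan step passes the workflow token to the scanner to read pull-request metadata, that scope is now removed on `pull_request` runs; in that case the job would need `pull-requests: read` next to `contents: read`. A short comment on the job's `permissions:` block stating which step needs which scope, for example `# checkout only; the scanner authenticates with its own token`, would make the choice reviewable later.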

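--- a/.github/workflows/site-ci-config.yml
+++ b/.github/workflows/site-ci-config.yml
@@ -6,9 +6,13 @@ on:
 paths:
 - '**/site/**'
 
+permissions: {}
+
 jobs:
 site:
 name: Project site
+permissions:
+contents: read
 runs-on: ubuntu-latest
 strategy:
 matrix: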
