chore(ci): restrict permissions to read actions+contents

2022-05-29 17:11:26 +00:00
parent 08553bc90b
commit 4414366370
1 changed files with 6 additions and 0 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -33,6 +33,9 @@ on:
 jobs:
  verify:
    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
    env:
      DOCKER_BUILDKIT: "1"
    steps:
@@ -84,6 +87,9 @@ jobs:
        (github.event_name == 'pull_request' && github.actor != 'dependabot[bot]')
      )
    needs: [verify]
+    permissions:
+      actions: read
+      contents: read
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3