ci: harden permissions for GitHub Workflows (#11174)

* build: harden main.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>

* build: harden project.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>

* Update project.yml

The permissions are not necessary, because a separate token is used `GITHUB_TOKEN: ${{ secrets.PROJECT_TOKEN }}`
This commit is contained in:
Alex 2022-10-07 15:39:00 +03:00 committed by GitHub
parent f52b3c6716
commit 065f5ffc5a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 0 deletions

View file

@ -14,6 +14,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions:
contents: read # to fetch code (actions/checkout)
jobs:
tests:
name: Run tests

View file

@ -9,6 +9,7 @@ concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions: {}
jobs:
add-to-project:
name: Add to project