Skip to content

Commit

Permalink
Restrict permissions of GITHUB_TOKEN
Browse files Browse the repository at this point in the history 
This changes the default permissions for the GITHUB_TOKEN used in our
GitHub Actions configuration to the minimum required to successfully
run.
  • Loading branch information
@mcdonnnj
mcdonnnj committed Oct 29, 2024
1 parent f0e55b3 commit 8a77a8b
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 0 deletions.
5 changes: 5 additions & 0 deletions .github/workflows/build.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,8 @@ env:
jobs:
diagnostics:
name: Run diagnostics
# This job does not need any permissions
permissions: {}
runs-on: ubuntu-latest
steps:
# Note that a duplicate of this step must be added at the top of
Expand All @@ -48,6 +50,9 @@ jobs:
lint:
needs:
- diagnostics
permissions:
# actions/checkout needs this to fetch code
contents: read
runs-on: ubuntu-latest
steps:
- id: harden-runner
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/sync-labels.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ permissions:
jobs:
diagnostics:
name: Run diagnostics
# This job does not need any permissions
permissions: {}
runs-on: ubuntu-latest
steps:
# Note that a duplicate of this step must be added at the top of
Expand Down

0 comments on commit 8a77a8b

Please sign in to comment.