Restrict job permissions in GitHub actions workflows
Restrict the GitHub token permissions only to the required ones, i.e. just read-only access to the code. This is done in order to reduce the potential harm in case of a malicious pull request, see GitHub blog post at https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com> Closes #22574.
This commit is contained in:
naveen
Vadim Zeitlin
parent
d5ed77da53
commit
64add326f6
7 changed files with 21 additions and 0 deletions
3
.github/workflows/ci.yml
vendored
3
.github/workflows/ci.yml
vendored
|
|
@ -45,6 +45,9 @@ on:
|
|||
- '*.yml'
|
||||
- 'wxwidgets.props'
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ${{ matrix.runner }}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue