From ee933794aa2a13e5341b40b683a0b053e0d058d6 Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Fri, 21 Jan 2022 15:45:59 -0600 Subject: [PATCH] github-ci: set workflow permissions to read-all --- .github/workflows/builds.yml | 2 ++ .github/workflows/cifuzz.yml | 1 + .github/workflows/commits.yml | 2 ++ .github/workflows/formatting.yml | 2 ++ 4 files changed, 7 insertions(+) diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml index a6aa20417a..1a53c10640 100644 --- a/.github/workflows/builds.yml +++ b/.github/workflows/builds.yml @@ -4,6 +4,8 @@ on: - push - pull_request +permissions: read-all + env: DEFAULT_LIBHTP_REPO: https://github.com/OISF/libhtp DEFAULT_LIBHTP_BRANCH: 0.5.x diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml index f779ed32c7..9010c237e0 100644 --- a/.github/workflows/cifuzz.yml +++ b/.github/workflows/cifuzz.yml @@ -1,5 +1,6 @@ name: CIFuzz on: [pull_request] +permissions: read-all jobs: Fuzzing: runs-on: ubuntu-latest diff --git a/.github/workflows/commits.yml b/.github/workflows/commits.yml index 651cacfa95..fac19f9966 100644 --- a/.github/workflows/commits.yml +++ b/.github/workflows/commits.yml @@ -3,6 +3,8 @@ name: commit-check on: - pull_request +permissions: read-all + jobs: check-commits: diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml index e77389511b..b1c040058f 100644 --- a/.github/workflows/formatting.yml +++ b/.github/workflows/formatting.yml @@ -8,6 +8,8 @@ on: - 'master-*' pull_request: +permissions: read-all + jobs: # Checking for correct formatting of branch for C code changes