Specify permissions for GitHub Actions workflows.

2022-12-24 10:25:58 -05:00 · 2022-12-24 10:25:58 -05:00 · ae9f10bc7b
parent b0cd2a4f07
commit ae9f10bc7b
5 changed files with 16 additions and 0 deletions
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@ -25,3 +25,6 @@ jobs:
      - uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
        with:
          extra_args: --verbose
+
+permissions:
+  contents: read
--- a/.github/workflows/release-to-pypi.yml
+++ b/.github/workflows/release-to-pypi.yml
@ -20,3 +20,6 @@ jobs:
        with:
          user: __token__
          password: ${{ secrets.PYPI_API_TOKEN }}
+
+permissions:
+  contents: read
--- a/.github/workflows/release-to-test-pypi.yml
+++ b/.github/workflows/release-to-test-pypi.yml
@ -32,3 +32,6 @@ jobs:
          password: ${{ secrets.TEST_PYPI_API_TOKEN }}
          repository_url: https://test.pypi.org/legacy/
          verbose: true
+
+permissions:
+  contents: read
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -60,3 +60,6 @@ jobs:
          verbose: true
          files: ./coverage.xml
          fail_ci_if_error: false  # https://github.com/codecov/codecov-action/issues/557
+
+permissions:
+  contents: read
--- a/.github/workflows/update_actions.yml
+++ b/.github/workflows/update_actions.yml
@ -21,3 +21,7 @@ jobs:
        with:
          token: ${{ secrets.ACTIONS_VERSION_UPDATER_TOKEN }}
          update_version_with: release-commit-sha
+
+permissions:
+  contents: read
+  pull-requests: write