From 02d5cf297babefe142308426f9fe21598e819877 Mon Sep 17 00:00:00 2001
From: Alex <aleksandrosansan@gmail.com>
Date: Sun, 25 Sep 2022 10:04:00 +0200
Subject: [PATCH] GitHub Workflows security hardening (#1711)

* build: harden docker.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>

* build: harden workflow.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>

Signed-off-by: Alex <aleksandrosansan@gmail.com>
---
 .github/workflows/docker.yml   | 3 +++
 .github/workflows/workflow.yml | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index b185ee8d..622ad94b 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -7,6 +7,9 @@ on:
   workflow_dispatch:
 
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   push:
     if: github.repository == 'rq/rq'
diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
index d179b9b7..9c85a82a 100644
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@@ -6,6 +6,9 @@ on:
   pull_request:
     branches: [ master ]
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   build:
     name: Python${{ matrix.python-version }}/Redis${{ matrix.redis-version }}/redis-py${{ matrix.redis-py-version }}