changeset 30515:5b94b8c82687 v9.0.0593
patch 9.0.0593: CI actions have too many permissions
Commit: https://github.com/vim/vim/commit/311df6bb0f861154e6a27144c226c805c7554a94
Author: Alex <aleksandrosansan@gmail.com>
Date: Mon Sep 26 15:52:46 2022 +0100
patch 9.0.0593: CI actions have too many permissions
Problem: CI actions have too many permissions.
Solution: Restrict permissions to what is required. (closes https://github.com/vim/vim/issues/11223)
author | Bram Moolenaar <Bram@vim.org> |
---|---|
date | Mon, 26 Sep 2022 17:00:03 +0200 |
parents | fa144142b452 |
children | c3021faf02bf |
files | .github/workflows/ci.yml .github/workflows/codeql-analysis.yml .github/workflows/coverity.yml src/version.c |
diffstat | 4 files changed, 15 insertions(+), 0 deletions(-) |
--- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,6 +12,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }} cancel-in-progress: true +permissions: + contents: read # to fetch code (actions/checkout) + jobs: linux: runs-on: ubuntu-20.04
--- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -21,8 +21,15 @@ concurrency: group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }} cancel-in-progress: true +permissions: + contents: read # to fetch code (actions/checkout) + jobs: analyze: + permissions: + contents: read # to fetch code (actions/checkout) + security-events: write # (github/codeql-action/autobuild) + name: Analyze runs-on: ubuntu-latest
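Review bot: In the ci.yml hunk, the workflow-level `permissions:` block added after `cancel-in-progress: true` lists only `contents: read`, and once any scope is declared every scope not listed drops to none for all jobs in the file. Only the `linux` job header is visible in this hunk, so please confirm that no job further down uses GITHUB_TOKEN for anything other than checkout. If one does, give that job its own `permissions:` block instead of widening the workflow default, and note the reason in a comment the way `# to fetch code (actions/checkout)` does here.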
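Review bot: In the codeql-analysis.yml hunk, the comment on `security-events: write` in the `analyze` job reads `# (github/codeql-action/autobuild)` and, unlike the `contents: read` comment beside it, does not say what the scope is for. That scope is what allows code scanning results to be uploaded, so the comment should state that and name the step that performs the upload, otherwise a later reader may drop the scope or move it to the wrong job. Two smaller points: a job-level `permissions:` block replaces the workflow-level one rather than adding to it, so repeating `contents: read` inside the job is required and deserves a short comment saying so; and the block sits above `name: Analyze`, whereas keeping `name:` as the first key of the job would make the job header easier to scan.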