ci: Restrict runner permissions

With StepSecurity recommendations.
macie · Dec 10, 2023 · 3962dcb · 3962dcb
1 parent 77720dd
commit 3962dcb
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 0 deletions.
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -19,6 +19,7 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
         with:
+          disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
             api.github.com:443

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -63,6 +63,7 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
         with:
+          disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
             api.github.com:443

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -33,6 +33,7 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
         with:
+          disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
             github.com:443