From 89a1733554b9351d2ce0d409f711e036cea776e0 Mon Sep 17 00:00:00 2001
From: meenbeese
Date: Sat, 8 Jul 2023 22:12:33 -0400
Subject: [PATCH] Limit workflow permissions to read-only
---
 .github/workflows/ant-javatest.yml | 2 ++
 .github/workflows/ant-regrtest.yml | 2 ++
 .github/workflows/codespell.yml | 3 +++
 .github/workflows/launcher-test.yml | 2 ++
 4 files changed, 9 insertions(+)
diff --git a/.github/workflows/ant-javatest.yml b/.github/workflows/ant-javatest.yml
index ebcecaa0d..ae8d12dc3 100644
--- a/.github/workflows/ant-javatest.yml
+++ b/.github/workflows/ant-javatest.yml
@@ -8,6 +8,8 @@ on:
 pull_request:
 branches: [ master ]
+permissions:
+ contents: read
 jobs:
diff --git a/.github/workflows/ant-regrtest.yml b/.github/workflows/ant-regrtest.yml
index 223d461fe..d1c7fb334 100644
--- a/.github/workflows/ant-regrtest.yml
+++ b/.github/workflows/ant-regrtest.yml
@@ -8,6 +8,8 @@ on:
 pull_request:
 branches: [ master ]
+permissions:
+ contents: read
 jobs:
diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index 6fedd46a5..7ad8f529d 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -5,6 +5,9 @@ name: codespell
 on: [pull_request, push]
+permissions:
+ contents: read
+
 jobs:
 codespell-text:
diff --git a/.github/workflows/launcher-test.yml b/.github/workflows/launcher-test.yml
index 4f7c3fc9c..7431cccc8 100644
--- a/.github/workflows/launcher-test.yml
+++ b/.github/workflows/launcher-test.yml
@@ -12,6 +12,8 @@ on:
 pull_request:
 branches: [ master ]
+permissions:
+ contents: read
 jobs:
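Review bot: The new top-level `permissions:` block in ant-javatest.yml has no comment explaining its effect. Once any scope is listed, every unlisted scope is set to `none`, so the GITHUB_TOKEN in these workflows gets `contents: read` and nothing else. The job definitions lie outside the hunk, so it is not visible whether any step depends on another scope, such as publishing check results or commenting on a pull request. If one does, it should get a job-level `permissions:` entry rather than a wider workflow-level block. I would add `# Least privilege: GITHUB_TOKEN gets contents: read only; unlisted scopes are none. Grant extra scopes per job.` above the block, and above the identical blocks added in ant-regrtest.yml, codespell.yml and launcher-test.yml.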