ci: limit workflow permissions.
Make it so pull requests from outside contributors can't edit workflows under .github/workflows/ without approval. Also limit workflows to the minimum permissions necessary.
This commit is contained in:
evazion
7
.github/CODEOWNERS
vendored
Normal file
7
.github/CODEOWNERS
vendored
Normal file
@@ -0,0 +1,7 @@
|
||||
# This file is used by Github to prevent pull requests from modifying CI
|
||||
# workflow files without approval.
|
||||
#
|
||||
# https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-codeowners-to-monitor-changes
|
||||
# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
|
||||
|
||||
.github/ @evazion
|
||||
Reference in New Issue
Block a user