ci: limit workflow permissions.
Make it so pull requests from outside contributors can't edit workflows under .github/workflows/ without approval. Also limit workflows to the minimum permissions necessary.
This commit is contained in:
evazion
3
.github/workflows/test.yaml
vendored
3
.github/workflows/test.yaml
vendored
@@ -2,6 +2,9 @@
|
||||
|
||||
name: Test
|
||||
|
||||
# https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#permissions
|
||||
permissions: read-all
|
||||
|
||||
on:
|
||||
# https://docs.github.com/en/actions/reference/events-that-trigger-workflows#workflow_run
|
||||
workflow_run:
|
||||
|
||||
Reference in New Issue
Block a user