Skip to content

Commit c4e525f

Browse files
Cirrasfourls
Cirras
authored and
fourls
committed
Specify permissions explicitly in workflows
Prompted by CodeQL alerts for `actions/missing-workflow-permissions`.
1 parent 249bd47 commit c4e525f

File tree

4 files changed

+12
-0
lines changed

4 files changed

+12
-0
lines changed

.github/workflows/build.yml

+3
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,9 @@ on:
1212
- 'LICENSE.txt'
1313
- 'NOTICE.txt'
1414

15+
permissions:
16+
contents: read
17+
1518
jobs:
1619
install:
1720
runs-on: ubuntu-latest

.github/workflows/format.yml

+3
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,9 @@ on:
1010
paths:
1111
- '**.java'
1212

13+
permissions:
14+
contents: read
15+
1316
jobs:
1417
check-format:
1518
runs-on: ubuntu-latest

.github/workflows/release.yml

+3
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,9 @@ on:
55
tags:
66
- v*
77

8+
permissions:
9+
contents: write
10+
811
jobs:
912
publish:
1013
runs-on: ubuntu-latest

.github/workflows/sonar.yml

+3
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,9 @@ on:
55
branches:
66
- 'master'
77

8+
permissions:
9+
contents: read
10+
811
jobs:
912
scan:
1013
runs-on: ubuntu-latest

0 commit comments

Comments
 (0)