Skip to content

Commit acb72a4

Browse files
sashashuraAndarist
sashashura
and
Andarist
authored
Add explicit permissions to GitHub workflows (emotion-js#2899)
* build: harden release.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> * build: harden main.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> * Update .github/workflows/release.yml Co-authored-by: Mateusz Burzyński <mateuszburzynski@gmail.com>
1 parent 92be52d commit acb72a4

File tree

2 files changed

+9
-0
lines changed

2 files changed

+9
-0
lines changed

.github/workflows/main.yml

+3
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,9 @@ on:
66
- main
77
pull_request:
88

9+
permissions:
10+
contents: read # to fetch code (actions/checkout)
11+
912
jobs:
1013
test:
1114
name: 'Tests on ${{matrix.platform}}'

.github/workflows/release.yml

+6
Original file line numberDiff line numberDiff line change
@@ -8,8 +8,14 @@ on:
88

99
concurrency: ${{ github.workflow }}-${{ github.ref }}
1010

11+
permissions: {}
1112
jobs:
1213
release:
14+
permissions:
15+
contents: write # to create release
16+
issues: write # to post issue comments
17+
pull-requests: write # to create pull request
18+
1319
name: Release
1420
runs-on: ubuntu-latest
1521
steps:

0 commit comments

Comments
 (0)