ci: restrict the CI actions permissions

2024-08-15 13:50:01 +02:00
parent f3773f724a
commit 44a4e69a62
3 changed files with 15 additions and 0 deletions
--- a/.github/workflows/conventional-commits.yml
+++ b/.github/workflows/conventional-commits.yml
@@ -4,10 +4,17 @@ on:
  pull_request:
    types: [ opened, synchronize, reopened, edited ]

+permissions: { }
+
 jobs:
  build:
    name: conventional commits
    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: read
+      packages: read
+      statuses: write
    steps:
      - name: checkout code
        uses: actions/checkout@v3
--- a/.github/workflows/conventional-pull-requests.yml
+++ b/.github/workflows/conventional-pull-requests.yml
@@ -4,10 +4,17 @@ on:
  pull_request:
    types: [ opened, synchronize, reopened, edited ]

+permissions: { }
+
 jobs:
  build:
    name: conventional pull requests
    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: read
+      packages: read
+      statuses: write
    steps:
      - name: conventional pull requests check
        uses: ytanikin/PRConventionalCommits@1.1.0
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -12,6 +12,7 @@ jobs:
    runs-on: ubuntu-latest
    permissions:
      contents: read
+      pull-requests: read
      packages: read
      statuses: write
    steps: