Skip to content

Commit

Permalink
Set GHA token permissions to be read-only
Browse files Browse the repository at this point in the history
  • Loading branch information
sethmlarson committed Jul 20, 2022
1 parent ac61b73 commit 0a5f34d
Show file tree
Hide file tree
Showing 4 changed files with 7 additions and 0 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@ name: CI

on: [push, pull_request]

permissions: "read-all"

defaults:
run:
shell: bash
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/integration.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ on:
paths:
- "src/urllib3/_version.py"

permissions: "read-all"

jobs:
integration:
strategy:
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@ name: lint

on: [push, pull_request]

permissions: "read-all"

jobs:
lint:
runs-on: ubuntu-20.04
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ on:
- "*"

permissions:
contents: "read"
# Needed to access the workflow's OIDC identity.
id-token: "write"

Expand Down

0 comments on commit 0a5f34d

Please sign in to comment.