From 02d5cf297babefe142308426f9fe21598e819877 Mon Sep 17 00:00:00 2001 From: Alex Date: Sun, 25 Sep 2022 10:04:00 +0200 Subject: [PATCH] GitHub Workflows security hardening (#1711) * build: harden docker.yml permissions Signed-off-by: Alex * build: harden workflow.yml permissions Signed-off-by: Alex Signed-off-by: Alex --- .github/workflows/docker.yml | 3 +++ .github/workflows/workflow.yml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index b185ee8..622ad94 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -7,6 +7,9 @@ on: workflow_dispatch: +permissions: + contents: read # to fetch code (actions/checkout) + jobs: push: if: github.repository == 'rq/rq' diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml index d179b9b..9c85a82 100644 --- a/.github/workflows/workflow.yml +++ b/.github/workflows/workflow.yml @@ -6,6 +6,9 @@ on: pull_request: branches: [ master ] +permissions: + contents: read # to fetch code (actions/checkout) + jobs: build: name: Python${{ matrix.python-version }}/Redis${{ matrix.redis-version }}/redis-py${{ matrix.redis-py-version }}