From af537af9e17899fa3ded3d595fea6bf6d0745cb0 Mon Sep 17 00:00:00 2001 From: Kisaragi Marine Date: Thu, 30 May 2024 20:32:06 +0900 Subject: [PATCH] ci: restrict token permissions --- .github/workflows/actionlint.yml | 3 +++ .github/workflows/cargo-deny.yml | 3 +++ .github/workflows/rust-wasm.yml | 3 +++ .github/workflows/rust.yml | 3 +++ 4 files changed, 12 insertions(+) diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml index ad935214..8c31121a 100644 --- a/.github/workflows/actionlint.yml +++ b/.github/workflows/actionlint.yml @@ -33,6 +33,9 @@ on: paths: - '.github/workflows/**' +permissions: + contents: read + jobs: actionlint: name: actionlint with reviewdog diff --git a/.github/workflows/cargo-deny.yml b/.github/workflows/cargo-deny.yml index edb01ab1..0098ded6 100644 --- a/.github/workflows/cargo-deny.yml +++ b/.github/workflows/cargo-deny.yml @@ -6,6 +6,9 @@ on: - '.github/workflows/cargo-deny.yml' - 'Cargo.lock' +permissions: + contents: read + jobs: cargo-deny: name: check diff --git a/.github/workflows/rust-wasm.yml b/.github/workflows/rust-wasm.yml index 0c6b90f7..132b33ac 100644 --- a/.github/workflows/rust-wasm.yml +++ b/.github/workflows/rust-wasm.yml @@ -18,6 +18,9 @@ env: CARGO_TERM_COLOR: always CI_RUST_CACHE_VERSION: v0 +permissions: + contents: read + jobs: build: strategy: diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 1a760173..694cd7bf 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -10,6 +10,9 @@ env: CARGO_TERM_COLOR: always CI_RUST_CACHE_VERSION: v1 +permissions: + contents: read + jobs: build: strategy: