[StepSecurity] ci: Harden GitHub Actions (#5191) · unicode-org/icu4x@a4728d6

Commit

[StepSecurity] ci: Harden GitHub Actions (#5191)

## Summary

This pull request is created by
[StepSecurity](https://app.stepsecurity.io/securerepo) at the request of
@robertbastian. Please merge the Pull Request to incorporate the
requested changes. Please tag @robertbastian on your message if you have
any questions related to the PR.
## Security Fixes

### Least Privileged GitHub Actions Token Permissions

The GITHUB_TOKEN is an automatically generated secret to make
authenticated calls to the GitHub API. GitHub recommends setting minimum
token permissions for the GITHUB_TOKEN.

- [GitHub Security
Guide](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow)
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions)


## Feedback
For bug reports, feature requests, and general feedback; please email
[email protected]. To create such PRs, please visit
https://app.stepsecurity.io/securerepo.


Signed-off-by: StepSecurity Bot <[email protected]>

Signed-off-by: StepSecurity Bot <[email protected]>

Loading branch information

step-security-bot authored Jul 10, 2024

1 parent 9bd7ba8 commit a4728d6

.github/workflows/artifacts-info.yml

-Original file line number
+Diff line change
@@ Expand Up / @@ -12,6 +12,9 @@ on: @@
       pull_request:
         branches: ["*"]
+    permissions:
+      contents: read
     jobs:
       docs:
         name: "Docs Preview"
@@ Expand Down @@

0 comments on commit `a4728d6`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `a4728d6`

Commit

There are no files selected for viewing

0 comments on commit a4728d6

0 comments on commit `a4728d6`