Skip to content

Commit f0b757e

Browse files
[StepSecurity] ci: Harden GitHub Actions (apache#8209)
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
1 parent 5c7e4b7 commit f0b757e

4 files changed

Lines changed: 12 additions & 0 deletions

File tree

.github/workflows/build.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,9 @@ concurrency:
2323
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
2424
cancel-in-progress: true
2525

26+
permissions:
27+
contents: read
28+
2629
jobs:
2730
build:
2831
runs-on: ubuntu-22.04

.github/workflows/ci.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,9 @@ concurrency:
2323
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
2424
cancel-in-progress: true
2525

26+
permissions:
27+
contents: read
28+
2629
jobs:
2730
build:
2831
if: github.repository == 'apache/cloudstack'

.github/workflows/rat.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,9 @@ concurrency:
2323
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
2424
cancel-in-progress: true
2525

26+
permissions:
27+
contents: read
28+
2629
jobs:
2730
build:
2831
runs-on: ubuntu-22.04

.github/workflows/ui.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,9 @@ concurrency:
2323
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
2424
cancel-in-progress: true
2525

26+
permissions:
27+
contents: read
28+
2629
jobs:
2730
build:
2831
runs-on: ubuntu-22.04

0 commit comments

Comments
 (0)