From 6015531f17fb7f84672a9beef11660919afd6164 Mon Sep 17 00:00:00 2001
From: Rick Newton-Rogers
Date: Thu, 30 Oct 2025 15:47:58 +0000
Subject: [PATCH] Add explicit read permissions to workflows
Motivation: * More secure GitHub Actions workflows
Modifications: Add explicit 'contents: read' permissions to workflows that did not have explicit permissions defined. This follows GitHub Actions security best practices by limiting the default GITHUB_TOKEN permissions.
Result: An extra layer of security.
---
 .github/workflows/ci.yaml | 3 +++
 .github/workflows/release.yml | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index f049d5e18..d77f06ff9 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,4 +1,7 @@
 name: CI
+
+permissions:
+ contents: read
 on:
 push:
 branches: ["release/1.x"]
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a82b5b39c..d18409526 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,5 +1,8 @@
 name: Release
 
+permissions:
+ contents: read
+
 on:
 workflow_dispatch:
 inputs:
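Review bot: The new top-level `permissions` block in ci.yaml carries no comment saying that every scope it does not list is dropped to no access for all jobs in the workflow, so a job added later that needs to write (for example to post a check or a comment) will fail with a permission error that is hard to trace back to this block. I would add `# Least privilege: GITHUB_TOKEN is read-only for contents; grant anything else per job.` above `permissions:`. The block also runs straight into `on:` with no blank line after `contents: read`, whereas release.yml leaves one; adding it keeps the two files consistent. The jobs themselves are outside the hunk, so whether any existing job needs more than read access cannot be checked from here.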
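Review bot: A workflow named Release that runs with `contents: read` at workflow level cannot push a tag, create a release or upload release assets with GITHUB_TOKEN, and the jobs that would show whether it does any of that lie outside this hunk. If one of them does, it needs a job-level override, `permissions:` with `contents: write` on that job only, so the rest of the workflow stays read-only. If publishing uses a separate secret instead, a one-line comment above the block saying so would save the next reader the same question.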