Commit d670878
committed
Specify explicit
Three CI workflows that need only `contents: read` permissions and
no other permissions did not have explicit permissions set, and
would therefore be given permissions configured for the repository.
It is recommended to set explicit workflow permissions. This does
so, bringing those workflows inline with `pythonpackage.yml` (which
had this), and closing three `actions/missing-workflow-permissions`
CodeQL alerts (new since #2032 enabled scanning of GHA workflows).
See also:
https://codeql.github.com/codeql-query-help/actions/actions-missing-workflow-permissions/contents: read workflow permissions1 parent 2e4a0d2 commit d670878Copy full SHA for d670878
3 files changed
+9Lines changed: 9 additions & 0 deletions
File tree
Expand file treeCollapse file tree
Open diff view settings
Filter options
- .github/workflows
Expand file treeCollapse file tree
Open diff view settings
Collapse file
.github/workflows/alpine-test.yml
Copy file name to clipboardExpand all lines: .github/workflows/alpine-test.yml+3Lines changed: 3 additions & 0 deletions
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| ||
2 | 2 | |
3 | 3 | |
4 | 4 | |
| 5 | + |
| 6 | + |
| 7 | + |
5 | 8 | |
6 | 9 | |
7 | 10 | |
|
Collapse file
.github/workflows/cygwin-test.yml
Copy file name to clipboardExpand all lines: .github/workflows/cygwin-test.yml+3Lines changed: 3 additions & 0 deletions
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| ||
2 | 2 | |
3 | 3 | |
4 | 4 | |
| 5 | + |
| 6 | + |
| 7 | + |
5 | 8 | |
6 | 9 | |
7 | 10 | |
|
Collapse file
+3Lines changed: 3 additions & 0 deletions
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| ||
2 | 2 | |
3 | 3 | |
4 | 4 | |
| 5 | + |
| 6 | + |
| 7 | + |
5 | 8 | |
6 | 9 | |
7 | 10 | |
|
0 commit comments