Commit cc6d9a7

Set permissions for GitHub actions (#7410)
- Included permissions for the action.

https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

Signed-off-by: neilnaveen <[email protected]>
1 parent e24bc60 commit cc6d9a7

6 files changed

+18
-0
lines changed

.github/workflows/gradle-wrapper-validation.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,9 @@
11
name: "Validate Gradle Wrapper"
22
on: [push, pull_request]
33

4+
permissions:
5+
contents: read
6+
47
jobs:
58
validation:
69
name: "Validation"
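
Review bot: The new `permissions:` block at lines 4-5 carries no comment explaining why it is there or what it implies for later edits. A workflow-level `permissions` key sets every scope that is not listed to `none`, so a step added later that needs, for example, `pull-requests: write` will fail with a permission error. Suggest a one-line comment above the block, such as `# Least-privilege GITHUB_TOKEN; grant extra scopes per job, not here`, so the next maintainer widens access on the individual job instead of editing this block.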

.github/workflows/gradle_branch.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,9 @@ on:
77
push:
88
branches-ignore: [ '3.x' ]
99

10+
permissions:
11+
contents: read
12+
1013
jobs:
1114
build:
1215
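
Review bot: The block at lines 10-11 is copied verbatim into all six workflows in this commit, so a workflow added later without it falls back to the repository's default token permissions. Consider also setting the repository default for workflow permissions to read-only (Settings > Actions > General), so that the least-privilege baseline does not depend on every file carrying these three lines.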

.github/workflows/gradle_jdk11.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,9 @@ on:
99
pull_request:
1010
branches: [ 3.x ]
1111

12+
permissions:
13+
contents: read
14+
1215
jobs:
1316
build:
1417
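
Review bot: At lines 12-13, `contents: read` also drops `checks`, `pull-requests` and `statuses` to `none` for the `build` job, whose steps are not visible in this hunk. If that job publishes test results as check runs or comments on the pull request using `GITHUB_TOKEN`, it will fail with this block in place. Confirm that it does not, or grant the needed scope under the `build` job only.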

.github/workflows/gradle_pr.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,9 @@ on:
77
pull_request:
88
branches: [ 3.x ]
99

10+
permissions:
11+
contents: read
12+
1013
jobs:
1114
build:
1215

.github/workflows/gradle_release.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,9 @@ on:
1010
tags:
1111
- 'v3.*.*'
1212

13+
permissions:
14+
contents: read
15+
1316
jobs:
1417
build:
1518
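
Review bot: `contents: read` at lines 13-14 is the scope most likely to be too narrow in this file, because the workflow runs on `v3.*.*` tag pushes and the `build` job's steps are outside the hunk. If the job creates a GitHub release, uploads release assets or pushes commits or tags with `GITHUB_TOKEN`, it needs `contents: write`. Check the job before the next release, and if write access is required add it under `jobs.build.permissions` rather than widening the workflow-level block.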

.github/workflows/gradle_snapshot.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,9 @@ on:
77
push:
88
branches: [ '3.x' ]
99

10+
permissions:
11+
contents: read
12+
1013
jobs:
1114
build:
1215
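
Review bot: The block at lines 10-11 limits only `GITHUB_TOKEN`; it does not limit any repository secrets the `build` job reads, and this workflow runs on every push to `3.x`. If the job (not shown in this hunk) publishes snapshots with stored credentials, pass those secrets through the `env` of the publishing step only rather than the whole job, since that is where the remaining exposure sits after this change.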
