Merge pull request #3774 from sashashura/patch-1

GitHub Workflows security hardening
2022-09-29 18:49:50 +02:00 · 2022-09-29 18:49:50 +02:00 · cf132deb14
parent 6077d81161 c726604319
commit cf132deb14
3 changed files with 10 additions and 0 deletions
--- a/.github/workflows/dynamic_arch.yml
+++ b/.github/workflows/dynamic_arch.yml
@ -2,6 +2,9 @@ name: continuous build

 on: [push, pull_request]

+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
  build:
    runs-on: ${{ matrix.os }}
--- a/.github/workflows/mips64.yml
+++ b/.github/workflows/mips64.yml
@ -2,6 +2,9 @@ name: mips64 qemu test

 on: [push, pull_request]

+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
  TEST:
    runs-on: ubuntu-latest
--- a/.github/workflows/nightly-Homebrew-build.yml
+++ b/.github/workflows/nightly-Homebrew-build.yml
@ -17,6 +17,10 @@ on:
 # it only makes sense to test if this file has been changed

 name: Nightly-Homebrew-Build
+
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
  build-OpenBLAS-with-Homebrew:
    runs-on: macos-latest