mirror of
https://github.com/coredns/coredns.git
synced 2025-10-28 16:54:15 -04:00
chore(ci): restrict token permissions (#7470)
Replace read-all with contents:read and add explicit permissions to follow principle of least privilege. Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
This commit is contained in:
Ville Vesilehto
GitHub
5
.github/workflows/cifuzz.yml
vendored
5
.github/workflows/cifuzz.yml
vendored
@@ -1,8 +1,13 @@
|
|||||||
name: CIFuzz
|
name: CIFuzz
|
||||||
|
|
||||||
on:
|
on:
|
||||||
pull_request:
|
pull_request:
|
||||||
branches:
|
branches:
|
||||||
- master
|
- master
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
Fuzzing:
|
Fuzzing:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|||||||
5
.github/workflows/golangci-lint.yml
vendored
5
.github/workflows/golangci-lint.yml
vendored
@@ -1,6 +1,11 @@
|
|||||||
name: golangci-lint
|
name: golangci-lint
|
||||||
|
|
||||||
on:
|
on:
|
||||||
pull_request:
|
pull_request:
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
golangci:
|
golangci:
|
||||||
name: lint
|
name: lint
|
||||||
|
|||||||
3
.github/workflows/make.doc.yml
vendored
3
.github/workflows/make.doc.yml
vendored
@@ -4,7 +4,8 @@ on:
|
|||||||
schedule:
|
schedule:
|
||||||
- cron: '22 10 * * 0'
|
- cron: '22 10 * * 0'
|
||||||
|
|
||||||
permissions: read-all
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
fix:
|
fix:
|
||||||
|
|||||||
3
.github/workflows/release.yml
vendored
3
.github/workflows/release.yml
vendored
@@ -7,6 +7,9 @@ on:
|
|||||||
description: "Commit (e.g., 52f0348)"
|
description: "Commit (e.g., 52f0348)"
|
||||||
default: "master"
|
default: "master"
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
release:
|
release:
|
||||||
name: Release
|
name: Release
|
||||||
|
|||||||
Reference in New Issue
Block a user