Commit 7379d757 authored by Charles Lyding, committed by Jessica Janiuk

ci: add permissions to current github action workflows (#45177)

The currently recommended best practice for GitHub action workflows is to set top-level permissions to read only. And if the job uses the automatic `GITHUB_TOKEN`, fine-grained permissions for each job based on the job's requirements should also be added.
All existing workflows in the repository now have top-level read only permission blocks.
Only the `scorecard` workflow currently requires additional job level permissions and the minimum set of permissions were already present for the job.

PR Close #45177
parent 21a51fb6
......@@ -4,6 +4,10 @@ on:
pull_request_target:
types: [opened, synchronize, reopened]
# Declare default permissions as read only.
permissions:
contents: read
jobs:
labels:
runs-on: ubuntu-latest
......
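Review bot: The `labels` job has no job-level `permissions:` block, so with the new top-level `contents: read` its `GITHUB_TOKEN` has no write access to pull requests or issues (every scope not listed is set to none). If the job applies labels with `GITHUB_TOKEN`, add `pull-requests: write` under `labels:`; if it authenticates with a separate credential, a one-line comment on the job saying so would make the read-only default easier to audit, since `pull_request_target` runs in the base repository's context.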
......@@ -5,6 +5,10 @@ on:
# Run at 14:00 every day
- cron: '0 14 * * *'
# Declare default permissions as read only.
permissions:
contents: read
jobs:
feature_triage:
if: github.repository == 'angular/angular'
......
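Review bot: The added comment says "read only", but `contents: read` grants read on repository contents and nothing else, so `feature_triage` cannot write issues through `GITHUB_TOKEN`. Please confirm the triage step does not depend on that token, or add a job-level `issues: write` under `feature_triage:`, and consider rewording the comment to say that only `contents` is readable by default.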
......@@ -5,6 +5,10 @@ on:
# Run at 16:00 every day
- cron: '0 16 * * *'
# Declare default permissions as read only.
permissions:
contents: read
jobs:
lock_closed:
if: github.repository == 'angular/angular'
......
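Review bot: `lock_closed` only runs from the `cron: '0 16 * * *'` schedule, so a scope that is missing after this change would first surface in a scheduled run after merge rather than in PR checks. If the job locks threads via `GITHUB_TOKEN`, it needs explicit job-level write scopes for issues and pull requests; a manual run of the workflow with the new block before merging would settle it.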
......@@ -8,7 +8,8 @@ on:
workflow_dispatch:
# Declare default permissions as read only.
permissions: read-all
permissions:
contents: read
jobs:
analysis:
......
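Review bot: Replacing `permissions: read-all` with `contents: read` is a narrowing, not just a restyle: every scope other than `contents` goes from read to none for any job that does not set its own block. Please check that the job-level permissions on `analysis` list every scope it reads as well as the ones it writes, and update the "Declare default permissions as read only" comment so it matches the new, narrower default.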