From 1667a668565562bf2f68ab722b7ef4ad3f08863a Mon Sep 17 00:00:00 2001
From: Alex
Date: Sat, 24 Sep 2022 08:52:44 +0200
Subject: [PATCH] build: harden build.yml permissions

Signed-off-by: Alex
---
 .github/workflows/build.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f01cdf4c7..fde834d7e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -14,6 +14,9 @@ on:
 env:
 DOCKERHUB_SLUG: distribution/distribution

+permissions:
+ contents: read # to fetch code (actions/checkout)
+
 jobs:
 test:
 runs-on: ubuntu-latest
@@ -43,6 +46,9 @@ jobs:
 directory: ./

 build:
+ permissions:
+ contents: write # to create GitHub release (softprops/action-gh-release)
+
 runs-on: ubuntu-latest
 needs:
 - test
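Review bot: `contents: write` on the `build` job hands a write-capable GITHUB_TOKEN to every step of that job, not only to the softprops/action-gh-release step named in the comment. The job's steps lie outside this hunk, so this is inferred, but if `build` also runs on branch pushes, least privilege would be to keep `build` at `contents: read` and move release creation into its own job that carries `permissions: contents: write` and is gated with `if: startsWith(github.ref, 'refs/tags/')`. A job-level `permissions:` block also replaces the top-level one rather than merging with it, so any other scope the build steps use through GITHUB_TOKEN (for example `packages`) is now `none` and would have to be listed here.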