GitHub Workflows security hardening (#4761)
* build: harden integration_tests.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> * build: harden image_builds.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> Signed-off-by: Alex <aleksandrosansan@gmail.com> Co-authored-by: Niklas Meyer <62480600+DerLinkman@users.noreply.github.com>
This commit is contained in:
Alex
GitHub
3
.github/workflows/image_builds.yml
vendored
3
.github/workflows/image_builds.yml
vendored
@@ -5,6 +5,9 @@ on:
|
|||||||
branches: [ "master", "staging" ]
|
branches: [ "master", "staging" ]
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read # to fetch code (actions/checkout)
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
docker_image_builds:
|
docker_image_builds:
|
||||||
strategy:
|
strategy:
|
||||||
|
|||||||
3
.github/workflows/integration_tests.yml
vendored
3
.github/workflows/integration_tests.yml
vendored
@@ -5,6 +5,9 @@ on:
|
|||||||
branches: [ "master", "staging" ]
|
branches: [ "master", "staging" ]
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
integration_tests:
|
integration_tests:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|||||||
Reference in New Issue
Block a user