mirror of
https://github.com/adrienverge/yamllint.git
synced 2024-11-21 23:27:22 -06:00
ci: Security hardening for GitHub Actions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs The idea is that the software supply chain relies on 3rd party actions that could be compromised. Mitigate this risk by giving these actions minimal rights to the repository. Here read-only access is good enough.
This commit is contained in:
parent
22ddf4c8e5
commit
4d271f3daf
3
.github/workflows/ci.yaml
vendored
3
.github/workflows/ci.yaml
vendored
@ -8,6 +8,9 @@ on: # yamllint disable-line rule:truthy
|
||||
branches:
|
||||
- master
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
lint:
|
||||
name: Linters
|
||||
|
Loading…
Reference in New Issue
Block a user