diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1f7c117..00b47c8 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -21,7 +21,7 @@ on: - cron: "0 0 * * 1" permissions: - contents: read + contents: read-all jobs: analyze: diff --git a/.github/workflows/deny.yml b/.github/workflows/deny.yml index 8dff79d..dd95814 100644 --- a/.github/workflows/deny.yml +++ b/.github/workflows/deny.yml @@ -6,6 +6,8 @@ on: pull_request: paths-ignore: - "**.md" +permissions: + contents: read-all jobs: cargo-deny: diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml index a401132..1314b62 100644 --- a/.github/workflows/format.yml +++ b/.github/workflows/format.yml @@ -13,6 +13,9 @@ env: AR: llvm-ar CC: clang +permissions: + contents: read-all + jobs: clippy: name: Clippy diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 3a855af..cede780 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -13,7 +13,7 @@ env: TOOLCHAIN_PROFILE: minimal permissions: - contents: read + contents: read-all jobs: integration: diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7bc0738..a642f4b 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,3 +1,6 @@ +permissions: + contents: read-all + on: push: paths-ignore: diff --git a/.github/workflows/oss-fuzz.yml b/.github/workflows/oss-fuzz.yml index df08a57..f54833f 100644 --- a/.github/workflows/oss-fuzz.yml +++ b/.github/workflows/oss-fuzz.yml @@ -1,6 +1,9 @@ name: oss-fuzz on: [pull_request] -permissions: {} + +permissions: + contents: read + jobs: Fuzzing: runs-on: ubuntu-latest diff --git a/.github/workflows/unittest.yml b/.github/workflows/unittest.yml index 39fcf9a..e068877 100644 --- a/.github/workflows/unittest.yml +++ b/.github/workflows/unittest.yml @@ -1,3 +1,6 @@ +permissions: + contents: read-all + on: push: paths-ignore: