From 76a53cdeca3097d6d356ab2d4a375cb8ffc80ba5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonatan=20M=C3=A4nnchen?= Date: Sun, 6 Oct 2024 14:09:24 +0200 Subject: [PATCH] Add Default Read Permissions to GH Actions --- .github/workflows/branch_main.yml | 3 +++ .github/workflows/part_dependabot.yml | 3 +++ .github/workflows/part_docs.yml | 3 +++ .github/workflows/part_release.yml | 3 +++ .github/workflows/part_test.yml | 3 +++ .github/workflows/pr.yml | 3 +++ .github/workflows/tag-beta.yml | 3 +++ .github/workflows/tag-stable.yml | 3 +++ 8 files changed, 24 insertions(+) diff --git a/.github/workflows/branch_main.yml b/.github/workflows/branch_main.yml index adb4183..786640c 100644 --- a/.github/workflows/branch_main.yml +++ b/.github/workflows/branch_main.yml @@ -5,6 +5,9 @@ on: name: "Main Branch" +permissions: + contents: read + jobs: test: name: "Test" diff --git a/.github/workflows/part_dependabot.yml b/.github/workflows/part_dependabot.yml index 42b83fa..16306a4 100644 --- a/.github/workflows/part_dependabot.yml +++ b/.github/workflows/part_dependabot.yml @@ -3,6 +3,9 @@ on: name: "Dependabot" +permissions: + contents: read + jobs: automerge_dependabot: name: "Automerge PRs" diff --git a/.github/workflows/part_docs.yml b/.github/workflows/part_docs.yml index 5174e4c..20990eb 100644 --- a/.github/workflows/part_docs.yml +++ b/.github/workflows/part_docs.yml @@ -11,6 +11,9 @@ on: name: "Documentation" +permissions: + contents: read + jobs: generate: name: "Generate" diff --git a/.github/workflows/part_release.yml b/.github/workflows/part_release.yml index 9d220a9..f80ce89 100644 --- a/.github/workflows/part_release.yml +++ b/.github/workflows/part_release.yml @@ -11,6 +11,9 @@ on: name: "Release" +permissions: + contents: read + jobs: create_prerelease: name: Create Prerelease diff --git a/.github/workflows/part_test.yml b/.github/workflows/part_test.yml index dc85864..e354e04 100644 --- a/.github/workflows/part_test.yml +++ b/.github/workflows/part_test.yml @@ -3,6 +3,9 @@ on: name: "Test" +permissions: + contents: read + jobs: phpunit: name: PHPUnit (PHP ${{ matrix.php }} on ${{ matrix.os }}) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 1b3fcdb..0bfcd0b 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -6,6 +6,9 @@ on: name: "Pull Request" +permissions: + contents: read + jobs: test: name: "Test" diff --git a/.github/workflows/tag-beta.yml b/.github/workflows/tag-beta.yml index ad21a43..44dea39 100644 --- a/.github/workflows/tag-beta.yml +++ b/.github/workflows/tag-beta.yml @@ -5,6 +5,9 @@ on: name: "Beta Tag" +permissions: + contents: read + jobs: release: name: "Release" diff --git a/.github/workflows/tag-stable.yml b/.github/workflows/tag-stable.yml index 3e9e635..f6fd293 100644 --- a/.github/workflows/tag-stable.yml +++ b/.github/workflows/tag-stable.yml @@ -5,6 +5,9 @@ on: name: "Stable Tag" +permissions: + contents: read + jobs: release: name: "Release"