]> git.ipfire.org Git - thirdparty/libarchive.git/commit
projects / thirdparty / libarchive.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e017de2) | patch
Set read-only workflow tokens (#1958)
authorPedro Nacht <pnacht@google.com>
Mon, 4 Sep 2023 18:21:27 +0000 (15:21 -0300)
committerGitHub <noreply@github.com>
Mon, 4 Sep 2023 18:21:27 +0000 (11:21 -0700)
commita28aa1b6a4e26d2cf73efd213c95ee9453ff2b31
tree35d29b7968d7d56a4c60032d35cf00b4845e7ea2tree
parente017de2b772ea050d407e4ff3a6cc5ea0b5abdd7commit | diff
Set read-only workflow tokens (#1958)

Fixes #1957.

This PR ensures all workflows run with minimal permissions, instead of
with `write-all` permissions. This will protect the project from
supply-chain attacks.

The change to codeql.yml is for consistency and future-proofing. Should
another job eventually be added to the workflow, it will run with just
`contents: read`.

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
.github/workflows/ci.yml diff | blob | blame | history
.github/workflows/cifuzz.yml diff | blob | blame | history
.github/workflows/codeql.yml diff | blob | blame | history
Mirror of https://github.com/libarchive/libarchive.git