From: Alex <aleksandrosansan@gmail.com>
Date: Wed, 28 Sep 2022 02:36:47 +0000 (+0300)
Subject: ci: GitHub workflows security hardening (#6743)
X-Git-Tag: v3.2.40~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=05c7b0d180024c5cd2e7bdda40de637de32a0523;p=thirdparty%2Fvuejs%2Fcore.git

ci: GitHub workflows security hardening (#6743)
---

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index eadcd94f6d..3128dd2cb4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,6 +6,10 @@ on:
   pull_request:
     branches:
       - main
+
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   unit-test:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml
index d9ea7a07f7..16c6c9c5c1 100644
--- a/.github/workflows/release-tag.yml
+++ b/.github/workflows/release-tag.yml
@@ -5,8 +5,12 @@ on:
 
 name: Create Release
 
+permissions: {}
 jobs:
   build:
+    permissions:
+      contents: write # to create release (yyx990803/release-tag)
+
     name: Create Release
     runs-on: ubuntu-latest
     steps: