From: Varun Sharma <varunsh@stepsecurity.io>
Date: Sat, 9 Jul 2022 14:03:23 +0000 (-0700)
Subject: ci: add GitHub token permissions for workflows
X-Git-Tag: OpenSSL_1_1_1r~31
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d94f8aa38570b459601a9b69793c73f1f369a516;p=thirdparty%2Fopenssl.git

ci: add GitHub token permissions for workflows

Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18766)

(cherry picked from commit c6e7f427c82dfa17416a39af7661c40162d57aaf)
(cherry picked from commit 90d6e6a3d5d30c3df4edf4a6430472c3eeb7d7a7)
---

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ad264ae8fb1..0c47c11d4fc 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -13,6 +13,9 @@ on: [pull_request, push]
 # before_script:
 #     - make="make -s"
 
+permissions:
+  contents: read
+
 jobs:
   check_update:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/cross-compiles.yml b/.github/workflows/cross-compiles.yml
index e40bcf58523..91f2f81cdc0 100644
--- a/.github/workflows/cross-compiles.yml
+++ b/.github/workflows/cross-compiles.yml
@@ -3,6 +3,9 @@ name: Cross Compile for 1.1.1
 
 on: [pull_request, push]
 
+permissions:
+  contents: read
+
 jobs:
   cross-compilation:
     strategy:
diff --git a/.github/workflows/run-checker-ci.yml b/.github/workflows/run-checker-ci.yml
index ec208578ab8..6edbaacdbe8 100644
--- a/.github/workflows/run-checker-ci.yml
+++ b/.github/workflows/run-checker-ci.yml
@@ -2,6 +2,9 @@
 name: Run-checker CI for 1.1.1
 # Jobs run per pull request submission
 on: [pull_request, push]
+permissions:
+  contents: read
+
 jobs:
   run-checker:
     strategy:
diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml
index e335b87b319..1f68644d1a2 100644
--- a/.github/workflows/run-checker-daily.yml
+++ b/.github/workflows/run-checker-daily.yml
@@ -4,7 +4,10 @@ name: Run-checker daily for 1.1.1
 
 on:
   schedule:
-  - cron: '42 6 * * *'
+    - cron: '42 6 * * *'
+permissions:
+  contents: read
+
 jobs:
   run-checker:
     strategy:
diff --git a/.github/workflows/run-checker-merge.yml b/.github/workflows/run-checker-merge.yml
index ff2d666b6da..30254fa7ec0 100644
--- a/.github/workflows/run-checker-merge.yml
+++ b/.github/workflows/run-checker-merge.yml
@@ -3,6 +3,9 @@ name: Run-checker merge for 1.1.1
 # Jobs run per merge to 1.1.1
 
 on: [push]
+permissions:
+  contents: read
+
 jobs:
   run-checker:
     strategy:
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
index 6f1b50552ee..c6bf00a6c3c 100644
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -3,6 +3,9 @@ name: Windows GitHub CI for 1.1.1
 
 on: [pull_request, push]
 
+permissions:
+  contents: read
+
 jobs:
   shared:
     # Run a job for each of the specified target architectures: