From: Alex <aleksandrosansan@gmail.com>
Date: Mon, 26 Sep 2022 22:01:22 +0000 (+0200)
Subject: build: harden cibuild.yml permissions
X-Git-Tag: v2.39-rc1~504^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=459c535006e3ea18a4a2b53033f72190df13bf1b;p=thirdparty%2Futil-linux.git

build: harden cibuild.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>
---

diff --git a/.github/workflows/cibuild.yml b/.github/workflows/cibuild.yml
index 811537cc88..dc10ad4c41 100644
--- a/.github/workflows/cibuild.yml
+++ b/.github/workflows/cibuild.yml
@@ -14,6 +14,9 @@ on:
       - 'Documentation/**'
       - 'lib*/docs/**'
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -38,6 +41,10 @@ jobs:
       - name: Make install
         run: .github/workflows/cibuild.sh INSTALL
   coveralls:
+    permissions:
+      contents: read # to fetch code (actions/checkout)
+      checks: write # to create new checks (coverallsapp/github-action)
+
     runs-on: ubuntu-latest
     if: github.repository == 'util-linux/util-linux'
     env: