From: Dmitry Misharov <dmitry@openssl.org>
Date: Thu, 23 Oct 2025 10:19:27 +0000 (+0200)
Subject: explicitely set minimial workflow permissions
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7faa3cc8f012b4a53c623941609b07dce0caa2d0;p=thirdparty%2Fopenssl.git

explicitely set minimial workflow permissions

https://docs.zizmor.sh/audits/#excessive-permissions

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28982)
---

diff --git a/.github/workflows/deploy-docs-openssl-org.yml b/.github/workflows/deploy-docs-openssl-org.yml
index 5554f07a42..e71b1f1539 100644
--- a/.github/workflows/deploy-docs-openssl-org.yml
+++ b/.github/workflows/deploy-docs-openssl-org.yml
@@ -8,6 +8,8 @@ on:
     paths:
       - "doc/man*/**"
 
+permissions: {}
+
 jobs:
   trigger:
     if: github.repository == 'openssl/openssl'
diff --git a/.github/workflows/interop-tests.yml b/.github/workflows/interop-tests.yml
index c34a6853b5..723eb122df 100644
--- a/.github/workflows/interop-tests.yml
+++ b/.github/workflows/interop-tests.yml
@@ -9,6 +9,8 @@ on:
     - cron: '55 02 * * *'
   workflow_dispatch:
 
+permissions: {}
+
 jobs:
   test:
     if: github.repository == 'openssl/openssl'
diff --git a/.github/workflows/make-release.yml b/.github/workflows/make-release.yml
index 6c3d453c81..038ffad877 100644
--- a/.github/workflows/make-release.yml
+++ b/.github/workflows/make-release.yml
@@ -12,6 +12,8 @@ on:
     tags:
       - "openssl-*"
 
+permissions: {}
+
 jobs:
   release:
     runs-on: "releaser"