From c6d66dfa6ccdd40924f09ad9bc8f75b254cc9d90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= Date: Wed, 2 Aug 2023 17:19:34 +0200 Subject: [PATCH] Add `permissions` to GitHub Action Workflows --- .github/workflows/codestyle.yml | 3 +++ .github/workflows/javascript.yml | 3 +++ .github/workflows/php.yml | 3 +++ .github/workflows/pull_request.yml | 4 ++++ .github/workflows/templates.yml | 3 +++ .github/workflows/typescript.yml | 3 +++ .github/workflows/version_check.yml | 3 +++ 7 files changed, 22 insertions(+) diff --git a/.github/workflows/codestyle.yml b/.github/workflows/codestyle.yml index 8e1d5a5558c..e5fbce5ca73 100644 --- a/.github/workflows/codestyle.yml +++ b/.github/workflows/codestyle.yml @@ -6,6 +6,9 @@ on: - master pull_request: +permissions: + contents: read + jobs: php: name: PHP diff --git a/.github/workflows/javascript.yml b/.github/workflows/javascript.yml index 0a96ef24600..200fd60477a 100644 --- a/.github/workflows/javascript.yml +++ b/.github/workflows/javascript.yml @@ -10,6 +10,9 @@ on: - master pull_request: +permissions: + contents: read + jobs: syntax: name: "Check Syntax" diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml index 7ee11ed7716..b15a3df4842 100644 --- a/.github/workflows/php.yml +++ b/.github/workflows/php.yml @@ -10,6 +10,9 @@ on: - master pull_request: +permissions: + contents: read + jobs: syntax: name: "Check Syntax (${{ matrix.php }})" diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 0facc2bd753..6d94faff556 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -10,6 +10,10 @@ on: - ready_for_review - review_requested +permissions: + contents: read + pull-requests: read + jobs: commit_message: name: Check Commit Message diff --git a/.github/workflows/templates.yml b/.github/workflows/templates.yml index 4410c4fc723..55e3440b59c 100644 --- a/.github/workflows/templates.yml +++ b/.github/workflows/templates.yml @@ -10,6 +10,9 @@ on: - master pull_request: +permissions: + contents: read + jobs: sync: name: Check for differing synced templates. diff --git a/.github/workflows/typescript.yml b/.github/workflows/typescript.yml index ec60b1c38f8..37e0e2a3bc0 100644 --- a/.github/workflows/typescript.yml +++ b/.github/workflows/typescript.yml @@ -8,6 +8,9 @@ on: - master pull_request: +permissions: + contents: read + jobs: tsc: name: "TSC" diff --git a/.github/workflows/version_check.yml b/.github/workflows/version_check.yml index 27bffae5c3d..dc483ade878 100644 --- a/.github/workflows/version_check.yml +++ b/.github/workflows/version_check.yml @@ -6,6 +6,9 @@ on: - 'com.woltlab.wcf/package.xml' - 'wcfsetup/install/files/lib/system/WCF.class.php' +permissions: + contents: read + jobs: wcf_version: name: "Check that WCF_VERSION is in sync"