mirror of
https://github.com/systemd/systemd
synced 2024-10-14 20:17:52 +00:00
ci: mimic the "restricted" mode
Judging by https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token it should be enough to grant the "read contents" permission to most of our actions. The "read metadata" permission is set impliciclty somewhere and can't be set via the "permissions" setting: ``` The workflow is not valid. .github/workflows/linter.yml (Line: 14, Col: 3): Unexpected value 'metadata' ```
This commit is contained in:
parent
10b1c3cd24
commit
e7a966915d
3
.github/workflows/build_test.yml
vendored
3
.github/workflows/build_test.yml
vendored
|
@ -12,7 +12,8 @@ on:
|
|||
- 'src/**'
|
||||
- 'test/fuzz/**'
|
||||
|
||||
permissions: read-all
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
|
|
3
.github/workflows/cifuzz.yml
vendored
3
.github/workflows/cifuzz.yml
vendored
|
@ -5,7 +5,8 @@
|
|||
|
||||
name: CIFuzz
|
||||
|
||||
permissions: read-all
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
|
|
3
.github/workflows/coverity.yml
vendored
3
.github/workflows/coverity.yml
vendored
|
@ -9,7 +9,8 @@ on:
|
|||
# Run Coverity daily at midnight
|
||||
- cron: '0 0 * * *'
|
||||
|
||||
permissions: read-all
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
|
|
3
.github/workflows/linter.yml
vendored
3
.github/workflows/linter.yml
vendored
|
@ -10,7 +10,8 @@ on:
|
|||
- main
|
||||
- v[0-9]+-stable
|
||||
|
||||
permissions: read-all
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
|
|
3
.github/workflows/mkosi.yml
vendored
3
.github/workflows/mkosi.yml
vendored
|
@ -14,7 +14,8 @@ on:
|
|||
- main
|
||||
- v[0-9]+-stable
|
||||
|
||||
permissions: read-all
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
ci:
|
||||
|
|
3
.github/workflows/unit_tests.yml
vendored
3
.github/workflows/unit_tests.yml
vendored
|
@ -9,7 +9,8 @@ on:
|
|||
- main
|
||||
- v[0-9]+-stable
|
||||
|
||||
permissions: read-all
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
|
|
Loading…
Reference in a new issue