GitHub Workflows security hardening (#5365)

* build: harden pypi_upload.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> * build: harden ci.yaml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com>
2026-06-05 14:50:16 +00:00 · 2022-09-20 21:41:21 +02:00
parent 40e04adea1
commit 7ef550afca
2 changed files with 6 additions and 0 deletions
@@ -32,6 +32,8 @@ on:
      - ".gitmodules"
      - ".gitattributes"
      - ".editorconfig"
+permissions:
+  contents: read # to fetch code (actions/checkout)
 jobs:
  lint:
    name: Check code linting
@@ -6,8 +6,12 @@ on:
    tags:
      - v[0-9]+.[0-9]+.*  # add .* to allow dev releases

+permissions: {}
 jobs:
  deploy:
+    permissions:
+      contents: write # to create a release (actions/create-release)
+
    name: pipenv PyPI Upload
    runs-on: ubuntu-latest
    env: