GitHub Workflows security hardening (#6472)

* build: harden action_tools.yml permissions Signed-off-by: N Alex <aleksandrosansan@gmail.com> * build: harden action.yml permissions Signed-off-by: N Alex <aleksandrosansan@gmail.com> * build: harden action_utest.yml permissions Signed-off-by: N Alex <aleksandrosansan@gmail.com> Signed-off-by: N Alex <aleksandrosansan@gmail.com>

GitHub Workflows security hardening (#6472)
* build: harden action_tools.yml permissions Signed-off-by: N Alex <aleksandrosansan@gmail.com> * build: harden action.yml permissions Signed-off-by: N Alex <aleksandrosansan@gmail.com> * build: harden action_utest.yml permissions Signed-off-by: N Alex <aleksandrosansan@gmail.com> Signed-off-by: N Alex <aleksandrosansan@gmail.com>
e0294dab · Alex · GitHub · 64a62978 · e0294dab · e0294dab
Showing with 9 addition and 0 deletion

.github/workflows/action.yml .github/workflows/action.yml +3 -0

.github/workflows/action_tools.yml .github/workflows/action_tools.yml +3 -0

.github/workflows/action_utest.yml .github/workflows/action_utest.yml +3 -0

未找到文件。
--- a/.github/workflows/action.yml
+++ b/.github/workflows/action.yml
@@ -21,6 +21,9 @@ on:
      - '**/README.md'
      - '**/README_zh.md'

+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
  build:
    runs-on: ubuntu-latest

--- a/.github/workflows/action_tools.yml
+++ b/.github/workflows/action_tools.yml
@@ -27,6 +27,9 @@ on:
      - '**/*.h'
      - '**/*.cpp'

+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
  test:
    runs-on: ubuntu-latest

--- a/.github/workflows/action_utest.yml
+++ b/.github/workflows/action_utest.yml
@@ -21,6 +21,9 @@ on:
      - '**/README.md'
      - '**/README_zh.md'

+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
  test:
    runs-on: ubuntu-latest