build: harden workflow permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>
This commit is contained in:
Alex
3
.github/workflows/ci.yml
vendored
3
.github/workflows/ci.yml
vendored
@@ -5,6 +5,9 @@ on:
|
|||||||
pull_request:
|
pull_request:
|
||||||
branches: [ bleed ]
|
branches: [ bleed ]
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read # to fetch code (actions/checkout)
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
linux:
|
linux:
|
||||||
name: Linux (.NET 6.0)
|
name: Linux (.NET 6.0)
|
||||||
|
|||||||
3
.github/workflows/documentation.yml
vendored
3
.github/workflows/documentation.yml
vendored
@@ -8,6 +8,9 @@ on:
|
|||||||
required: true
|
required: true
|
||||||
default: 'release-xxxxxxxx'
|
default: 'release-xxxxxxxx'
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read # to fetch code (actions/checkout)
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
wiki:
|
wiki:
|
||||||
name: Update Wiki
|
name: Update Wiki
|
||||||
|
|||||||
1
.github/workflows/itch.yml
vendored
1
.github/workflows/itch.yml
vendored
@@ -8,6 +8,7 @@ on:
|
|||||||
required: true
|
required: true
|
||||||
default: 'release-xxxxxxxx'
|
default: 'release-xxxxxxxx'
|
||||||
|
|
||||||
|
permissions: {}
|
||||||
jobs:
|
jobs:
|
||||||
itch:
|
itch:
|
||||||
name: Deploy to itch.io
|
name: Deploy to itch.io
|
||||||
|
|||||||
3
.github/workflows/packaging.yml
vendored
3
.github/workflows/packaging.yml
vendored
@@ -7,6 +7,9 @@ on:
|
|||||||
- 'playtest-*'
|
- 'playtest-*'
|
||||||
- 'devtest-*'
|
- 'devtest-*'
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: write # for release creation (svenstaro/upload-release-action)
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
source:
|
source:
|
||||||
name: Source Tarball
|
name: Source Tarball
|
||||||
|
|||||||
Reference in New Issue
Block a user