Use minimum required permissions for GitHub workflows

This reduces the attack surface if the workflows are ever compromised.
2022-07-03 23:55:28 +03:00 · 2022-07-03 23:55:28 +03:00 · 414186cff5
parent 5219a705ba
commit 414186cff5
2 changed files with 7 additions and 0 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -10,6 +10,9 @@ on:
      - master
  pull_request:

+permissions:
+  contents: read
+
 jobs:
  build-and-test:
    runs-on: ubuntu-latest
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@ -5,6 +5,10 @@ on:
    branches:
      - master

+permissions:
+  # The generated docs are written to the `gh-pages` branch.
+  contents: write
+
 jobs:
  build-and-deploy-docs:
    runs-on: ubuntu-latest