Add explicit permissions to GitHub workflows (#2899)

* build: harden release.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> * build: harden main.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> * Update .github/workflows/release.yml Co-authored-by: Mateusz Burzyński <mateuszburzynski@gmail.com>
emotion-js · Dec 1, 2022 · acb72a4 · acb72a4
1 parent 92be52d
commit acb72a4
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -6,6 +6,9 @@ on:
       - main
   pull_request:
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   test:
     name: 'Tests on ${{matrix.platform}}'

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -8,8 +8,14 @@ on:
 
 concurrency: ${{ github.workflow }}-${{ github.ref }}
 
+permissions: {}
 jobs:
   release:
+    permissions:
+      contents: write # to create release 
+      issues: write # to post issue comments
+      pull-requests: write # to create pull request 
+
     name: Release
     runs-on: ubuntu-latest
     steps: