From 5cf6f5f6cb3d410af2f93ad928fe87deb6ecd0a7 Mon Sep 17 00:00:00 2001 From: Alex Rudenko Date: Tue, 15 Feb 2022 15:50:51 +0100 Subject: [PATCH] chore: declare workflow permissions as read-only (#8029) --- .github/workflows/main.yml | 3 +++ .github/workflows/publish-on-tag.yml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 2334be24099..ff6bc79cf74 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,5 +1,8 @@ name: run-checks +# Declare default permissions as read only. +permissions: read-all + on: push: branches: diff --git a/.github/workflows/publish-on-tag.yml b/.github/workflows/publish-on-tag.yml index 53f05bcee9a..f4d9b4b0974 100644 --- a/.github/workflows/publish-on-tag.yml +++ b/.github/workflows/publish-on-tag.yml @@ -1,5 +1,8 @@ name: publish-on-tag +# Declare default permissions as read only. +permissions: read-all + on: push: tags: