From dc1f2e728d97c164ef204704b9a4edd5a7cceab6 Mon Sep 17 00:00:00 2001 From: Willi Ballenthin Date: Mon, 10 Jul 2023 02:43:48 +0200 Subject: [PATCH] ci: restrict permissions of GITHUB_TOKEN closes #1616 --- .github/workflows/build.yml | 3 +++ .github/workflows/publish.yml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index acd7d807..08797988 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,5 +1,8 @@ name: build +permissions: + contents: write + on: pull_request: branches: [ master ] diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 002a7095..96bad8fc 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -3,6 +3,9 @@ name: publish to pypi +permissions: + contents: write + on: release: types: [published]