(cloudstack) branch main updated: [StepSecurity] ci: Harden GitHub Actions (#8209)

Sun, 26 Nov 2023 22:37:31 -0800 

This is an automated email from the ASF dual-hosted git repository.

rohit pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/main by this push:
     new f0b757e91ea [StepSecurity] ci: Harden GitHub Actions (#8209)
f0b757e91ea is described below

commit f0b757e91ea3ebaf1000b93c10462eda6b367509
Author: StepSecurity Bot <[email protected]>
AuthorDate: Sun Nov 26 22:37:19 2023 -0800

    [StepSecurity] ci: Harden GitHub Actions (#8209)
    
    Signed-off-by: StepSecurity Bot <[email protected]>
---
 .github/workflows/build.yml | 3 +++
 .github/workflows/ci.yml    | 3 +++
 .github/workflows/rat.yml   | 3 +++
 .github/workflows/ui.yml    | 3 +++
 4 files changed, 12 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 457dd2e1af4..1be892f4577 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -23,6 +23,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || 
github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-22.04
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c0422cd4bd0..d6b5f5a1c4f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -23,6 +23,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || 
github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   build:
     if: github.repository == 'apache/cloudstack'
diff --git a/.github/workflows/rat.yml b/.github/workflows/rat.yml
index d243fa863fe..64fa4c3da0c 100644
--- a/.github/workflows/rat.yml
+++ b/.github/workflows/rat.yml
@@ -23,6 +23,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || 
github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-22.04
diff --git a/.github/workflows/ui.yml b/.github/workflows/ui.yml
index 280024b5a91..4d89977adf9 100644
--- a/.github/workflows/ui.yml
+++ b/.github/workflows/ui.yml
@@ -23,6 +23,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || 
github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-22.04

Reply via email to