This is an automated email from the ASF dual-hosted git repository.
dahn pushed a commit to branch staging-site
in repository https://gitbox.apache.org/repos/asf/cloudstack-www.git
The following commit(s) were added to refs/heads/staging-site by this push:
new e6eb01e5 [StepSecurity] ci: Harden GitHub Actions (#186)
e6eb01e5 is described below
commit e6eb01e5bd7462d11ac922bd36411e397b41c440
Author: StepSecurity Bot <[email protected]>
AuthorDate: Fri Apr 26 00:49:49 2024 -0700
[StepSecurity] ci: Harden GitHub Actions (#186)
Signed-off-by: StepSecurity Bot <[email protected]>
---
.github/workflows/deploy.yml | 5 +++++
.github/workflows/stage.yaml | 5 +++++
2 files changed, 10 insertions(+)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 37d9ebb3..11b4e828 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -23,8 +23,13 @@ on:
- main
pull_request:
+permissions:
+ contents: read
+
jobs:
deploy:
+ permissions:
+ contents: write # for peaceiris/actions-gh-pages to push pages branch
if: github.repository_owner == 'apache'
runs-on: ubuntu-latest
steps:
diff --git a/.github/workflows/stage.yaml b/.github/workflows/stage.yaml
index 23eae4e5..7fbe2f63 100644
--- a/.github/workflows/stage.yaml
+++ b/.github/workflows/stage.yaml
@@ -23,8 +23,13 @@ on:
- staging-site
pull_request:
+permissions:
+ contents: read
+
jobs:
deploy:
+ permissions:
+ contents: write # for peaceiris/actions-gh-pages to push pages branch
if: github.repository_owner == 'apache'
runs-on: ubuntu-latest
steps:
