This is an automated email from the ASF dual-hosted git repository.
hubcio pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iggy.git
The following commit(s) were added to refs/heads/master by this push:
new a5f85ea47 ci: declare explicit read-only permissions on reusable
workflows (#3243)
a5f85ea47 is described below
commit a5f85ea47daa42f99a577cb173fe06a06311aa6c
Author: Arpit Jain <[email protected]>
AuthorDate: Thu May 14 20:27:44 2026 +0900
ci: declare explicit read-only permissions on reusable workflows (#3243)
---
.github/workflows/_build_python_wheels.yml | 3 +++
.github/workflows/_build_rust_artifacts.yml | 3 +++
.github/workflows/_detect.yml | 3 +++
3 files changed, 9 insertions(+)
diff --git a/.github/workflows/_build_python_wheels.yml
b/.github/workflows/_build_python_wheels.yml
index ca698c26e..3341888a5 100644
--- a/.github/workflows/_build_python_wheels.yml
+++ b/.github/workflows/_build_python_wheels.yml
@@ -43,6 +43,9 @@ on:
description: "Name of the uploaded artifact containing wheels"
value: ${{ jobs.collect.outputs.artifact_name }}
+permissions:
+ contents: read
+
jobs:
linux:
runs-on: ${{ matrix.runner }}
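Review bot: The new top-level `permissions:` block sets every scope it does not list to `none`, and nothing in the hunk records that this is deliberate, so a later step that needs another scope (for example `pull-requests: read` or `id-token: write`) will fail with a permissions error that is hard to trace back to this block. I would add a comment above it, such as `# Least privilege: GITHUB_TOKEN gets contents: read only; all other scopes are none. Grant extra scopes per job.` The same applies to the identical blocks added in `_build_rust_artifacts.yml` and `_detect.yml`. The job bodies lie outside all three hunks, so it is worth confirming that none of them pushes, comments on a pull request, or requests an OIDC token. A called workflow can only narrow the token it receives from its caller, so this block is a ceiling inside these files and does not replace a `permissions:` declaration in the calling workflows.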
diff --git a/.github/workflows/_build_rust_artifacts.yml
b/.github/workflows/_build_rust_artifacts.yml
index 324b0504e..268c7b1b6 100644
--- a/.github/workflows/_build_rust_artifacts.yml
+++ b/.github/workflows/_build_rust_artifacts.yml
@@ -53,6 +53,9 @@ on:
description: "Name of the uploaded artifact containing all artifacts"
value: ${{ jobs.collect.outputs.artifact_name }}
+permissions:
+ contents: read
+
env:
IGGY_CI_BUILD: true
diff --git a/.github/workflows/_detect.yml b/.github/workflows/_detect.yml
index 41a37ecb8..63f7add7f 100644
--- a/.github/workflows/_detect.yml
+++ b/.github/workflows/_detect.yml
@@ -51,6 +51,9 @@ on:
description: "Matrix for other components"
value: ${{ jobs.detect.outputs.other_matrix }}
+permissions:
+ contents: read
+
jobs:
detect:
runs-on: ubuntu-latest