(sedona) branch master updated: [StepSecurity] ci: Harden GitHub Actions (#1320)

Mon, 08 Apr 2024 00:13:46 -0700 

This is an automated email from the ASF dual-hosted git repository.

jiayu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sedona.git


The following commit(s) were added to refs/heads/master by this push:
     new aadfff9f8 [StepSecurity] ci: Harden GitHub Actions (#1320)
aadfff9f8 is described below

commit aadfff9f85f1d25b36681dbc985c9304392da9a2
Author: StepSecurity Bot <[email protected]>
AuthorDate: Mon Apr 8 00:12:15 2024 -0700

    [StepSecurity] ci: Harden GitHub Actions (#1320)
    
    Signed-off-by: StepSecurity Bot <[email protected]>
---
 .github/workflows/docker-build.yml     | 3 +++
 .github/workflows/example.yml          | 3 +++
 .github/workflows/java.yml             | 3 +++
 .github/workflows/python-extension.yml | 3 +++
 .github/workflows/python.yml           | 3 +++
 5 files changed, 15 insertions(+)

diff --git a/.github/workflows/docker-build.yml 
b/.github/workflows/docker-build.yml
index 96acc4a61..c30a7f46a 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -14,6 +14,9 @@ on:
 env:
   MAVEN_OPTS: -Dmaven.wagon.httpconnectionManager.ttlSeconds=60
 
+permissions:
+  contents: read
+
 jobs:
   build:
     strategy:
diff --git a/.github/workflows/example.yml b/.github/workflows/example.yml
index 5fe048089..f969da831 100644
--- a/.github/workflows/example.yml
+++ b/.github/workflows/example.yml
@@ -11,6 +11,9 @@ on:
     paths:
       - 'examples/**'
 
+permissions:
+  contents: read
+
 jobs:
   build:
 
diff --git a/.github/workflows/java.yml b/.github/workflows/java.yml
index 353b25f2d..5c87ac265 100644
--- a/.github/workflows/java.yml
+++ b/.github/workflows/java.yml
@@ -27,6 +27,9 @@ on:
 env:
   MAVEN_OPTS: -Dmaven.wagon.httpconnectionManager.ttlSeconds=60
 
+permissions:
+  contents: read
+
 jobs:
   build:
 
diff --git a/.github/workflows/python-extension.yml 
b/.github/workflows/python-extension.yml
index 0a8836899..b8c63711e 100644
--- a/.github/workflows/python-extension.yml
+++ b/.github/workflows/python-extension.yml
@@ -20,6 +20,9 @@ on:
       - 'pom.xml'
       - 'python/**'
 
+permissions:
+  contents: read
+
 jobs:
   build:
     strategy:
diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml
index 80598cf70..0ebba2e70 100644
--- a/.github/workflows/python.yml
+++ b/.github/workflows/python.yml
@@ -26,6 +26,9 @@ env:
   JAI_CODEC_VERSION: "1.1.3"
   JAI_IMAGEIO_VERSION: "1.1"
 
+permissions:
+  contents: read
+
 jobs:
   build:

Reply via email to