Unsubscribe

On Sun, Jul 10, 2022, 12:51 <jongy...@apache.org> wrote:
> This is an automated email from the ASF dual-hosted git repository. > > jongyoul pushed a commit to branch master > in repository https://gitbox.apache.org/repos/asf/zeppelin.git > > > The following commit(s) were added to refs/heads/master by this push: > new 1640e2da4f [MINOR] Set permissions for GitHub actions (#4386) > 1640e2da4f is described below > > commit 1640e2da4fee165b5305b0f94e2c5296410f964a > Author: Naveen <172697+naveensriniva...@users.noreply.github.com> > AuthorDate: Sun Jul 10 05:51:44 2022 -0500 > > [MINOR] Set permissions for GitHub actions (#4386) > > Restrict the GitHub token permissions only to the required ones; this > way, even if the attackers will succeed in compromising your workflow, they > won’t be able to do much. > > - Included permissions for the action. > https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions > > > https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions > > > https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs > > [Keeping your GitHub Actions and workflows secure Part 1: Preventing > pwn requests]( > https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ > ) > > Signed-off-by: naveen < > 172697+naveensriniva...@users.noreply.github.com> > --- > .github/workflows/quick.yml | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/.github/workflows/quick.yml b/.github/workflows/quick.yml > index 4783d9c08b..98bd9ffa87 100644 > --- a/.github/workflows/quick.yml > +++ b/.github/workflows/quick.yml > @@ -7,6 +7,9 @@ on: > - branch-* > types: [opened, synchronize] > > +permissions: > + contents: read > + > jobs: > license-check: > runs-on: ubuntu-20.04 > >
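Review bot: the new top-level `permissions:` block becomes the default for every job in quick.yml, so confirm that `license-check` and any other job in this file really need nothing beyond `contents: read`; a job that must write (update check runs, comment on a pull request) should get its own job-level `permissions:` override rather than a broader workflow-level default. Also, the message cites the Scorecard Token-Permissions check, but `1 file changed` shows only quick.yml was touched; the remaining workflow files under .github/workflows need the same block for that check to pass across the repository.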
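As an added illustration (not part of the Zeppelin commit or the ASF tooling), the following Python script audits workflow files for the problem this commit fixes, in the spirit of the OSSF Scorecard Token-Permissions check it references. It assumes the usual workflow layout (top-level keys at column 0, job names at two spaces, job bodies at four) and uses a constructed sample modelled on the quick.yml hunk, so it needs no YAML library.

```python
import re

# Assumed workflow layout: top-level keys at column 0, job names at two spaces,
# job bodies at four. Anything else is not parsed by this simple checker.
TOP_KEY = re.compile(r"^([A-Za-z_-]+):(.*)$")      # key at column 0
JOB_KEY = re.compile(r"^  ([A-Za-z0-9_-]+):")       # job name under `jobs:`
JOB_PERMS = re.compile(r"^    permissions:(.*)$")   # job-level permissions


def audit_workflow(text: str) -> list[str]:
    """Return findings about GITHUB_TOKEN scoping; [] means every job is scoped."""
    top_perms, section, job, jobs = None, None, None, {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = TOP_KEY.match(line)
        if m:
            section, job = m.group(1), None
            if section == "permissions":
                top_perms = m.group(2).strip()   # "" when scopes follow on next lines
            continue
        if section != "jobs":
            continue
        m = JOB_KEY.match(line)
        if m:
            job = m.group(1)
            jobs[job] = None                     # no job-level permissions seen yet
            continue
        m = JOB_PERMS.match(line)
        if m and job:
            jobs[job] = m.group(1).strip()
    findings = []
    for scope, perms in [("workflow", top_perms), *jobs.items()]:
        if perms == "write-all":
            findings.append(f"{scope}: permissions: write-all grants every scope")
        elif perms is None and top_perms is None and scope != "workflow":
            findings.append(f"{scope}: no permissions block, token gets the repository default")
    return findings


# Constructed sample modelled on the quick.yml hunk: the file before and after the commit.
BEFORE = """on:
  pull_request:
    types: [opened, synchronize]

jobs:
  license-check:
    runs-on: ubuntu-20.04
"""
AFTER = BEFORE.replace("jobs:", "permissions:\n  contents: read\n\njobs:", 1)
```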