[Python-checkins] [3.10] Default GHA permissions to `contents: read` (GH-148346) (#148391)

Sat, 11 Apr 2026 23:39:33 -0700 

https://github.com/python/cpython/commit/80f0bc1834a815c9cae2d9005be6030fb896e459
commit: 80f0bc1834a815c9cae2d9005be6030fb896e459
branch: 3.10
author: Hugo van Kemenade <[email protected]>
committer: hugovk <[email protected]>
date: 2026-04-12T09:39:03+03:00
summary:

[3.10] Default GHA permissions to `contents: read` (GH-148346) (#148391)

(cherry picked from commit 9c9df8ac8cbb8f539b3f342d01e40b7a0a57dcbf)

files:
M .github/workflows/build.yml
M .github/workflows/stale.yml
M .github/workflows/verify-ensurepip-wheels.yml
M .github/workflows/verify-expat.yml

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8a1d371f2f9048..7cbd43da6fc94a 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -11,7 +11,8 @@ on:
     - 'main'
     - '3.*'
 
-permissions: {}
+permissions:
+  contents: read
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 8949defda4d15c..93d7fcec881105 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -4,7 +4,8 @@ on:
   schedule:
   - cron: "0 0 * * *"
 
-permissions: {}
+permissions:
+  contents: read
 
 jobs:
   stale:
diff --git a/.github/workflows/verify-ensurepip-wheels.yml 
b/.github/workflows/verify-ensurepip-wheels.yml
index b18fc92a0499d1..fe27c4f09319ec 100644
--- a/.github/workflows/verify-ensurepip-wheels.yml
+++ b/.github/workflows/verify-ensurepip-wheels.yml
@@ -13,7 +13,8 @@ on:
       - '.github/workflows/verify-ensurepip-wheels.yml'
       - 'Tools/scripts/verify_ensurepip_wheels.py'
 
-permissions: {}
+permissions:
+  contents: read
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
diff --git a/.github/workflows/verify-expat.yml 
b/.github/workflows/verify-expat.yml
index e193dfa4603e8a..472a11db2da5fb 100644
--- a/.github/workflows/verify-expat.yml
+++ b/.github/workflows/verify-expat.yml
@@ -11,7 +11,8 @@ on:
       - 'Modules/expat/**'
       - '.github/workflows/verify-expat.yml'
 
-permissions: {}
+permissions:
+  contents: read
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}

_______________________________________________
Python-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3//lists/python-checkins.python.org
Member address: [email protected]

Reply via email to