ci: Limit GitHub token permissions for workflows.

This limits the ability for an Action to do mischief with this token. Fixes #22786. Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
2025-11-02 04:53:36 +00:00 · 2022-08-29 17:12:55 -07:00
parent f03eed5231
commit 6cdf2853ff
4 changed files with 16 additions and 0 deletions
--- a/.github/workflows/production-suite.yml
+++ b/.github/workflows/production-suite.yml
@@ -33,6 +33,9 @@ defaults:
  run:
    shell: bash

+permissions:
+  contents: read
+
 jobs:
  production_build:
    # This job builds a release tarball from the current commit, which