Home Explore Help
Register Sign In
Apq
/
Xray-core
mirror of https://github.com/XTLS/Xray-core.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Add specific permissions to workflows under .github/workflows (#704)

* Restrict permissions for the GITHUB_TOKEN in .github/workflows/release.yml

* Restrict permissions for the GITHUB_TOKEN in .github/workflows/test.yml

Co-authored-by: Step Security <[email protected]>
Varun Sharma 3 years ago
parent
496b2c02c5
commit
22e46b846c
2 changed files with 4 additions and 0 deletions
Split View Show Diff Stats
  1. 2 0
      .github/workflows/release.yml
  2. 2 0
      .github/workflows/test.yml

+ 2 - 0
.github/workflows/release.yml
View File 

@@ -21,6 +21,8 @@ on:
 
       - ".github/workflows/*.yml"
 
 jobs:
 
   build:
 
+    permissions:
 
+      contents: write
 
     strategy:
 
       matrix:
 
         # Include amd64 on all platforms.

+ 2 - 0
.github/workflows/test.yml
View File 

@@ -19,6 +19,8 @@ on:
 
 
 jobs:
 
   test:
 
+    permissions:
 
+      contents: read
 
     runs-on: ${{ matrix.os }}
 
     strategy:
 
       fail-fast: false