diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 6d22ed3..44615eb 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -11,6 +11,9 @@ jobs:
 build-ios:
 name: Build iOS
 runs-on: macos-latest
+ permissions:
+ contents: read
+ actions: write
 steps:
 - name: Checkout code
@@ -39,6 +42,9 @@ jobs:
 build-maccatalyst:
 name: Build macOS Catalyst
 runs-on: macos-latest
+ permissions:
+ contents: read
+ actions: write
 steps:
 - name: Checkout code
@@ -69,6 +75,7 @@ jobs:
 runs-on: ubuntu-latest
 needs: [build-ios, build-maccatalyst]
 if: always()
+ permissions: {}
 steps:
 - name: Check build status
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index d76078c..43e16f2 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -18,6 +18,9 @@ jobs:
 build-ios:
 name: Build iOS
 runs-on: macos-latest
+ permissions:
+ contents: read
+ actions: write
 steps:
 - name: Checkout code
@@ -72,6 +75,9 @@ jobs:
 build-maccatalyst:
 name: Build macOS
 runs-on: macos-latest
+ permissions:
+ contents: read
+ actions: write
 steps:
 - name: Checkout code
@@ -128,6 +134,9 @@ jobs:
 runs-on: ubuntu-latest
 needs: [build-ios, build-maccatalyst]
 if: always() && needs.build-ios.result == 'success' && needs.build-maccatalyst.result == 'success'
+ permissions:
+ contents: write
+ actions: read
 steps:
 - name: Checkout code
@@ -203,6 +212,7 @@ jobs:
 runs-on: ubuntu-latest
 needs: [build-ios, build-maccatalyst, create-release]
 if: always()
+ permissions: {}
 steps:
 - name: Check publish status
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 1b30475..f834829 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -10,6 +10,10 @@ jobs:
 test:
 name: Run Tests
 runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ checks: write
+ actions: write
 steps:
 - name: Checkout code
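Review bot: `actions: write` on build-ios looks broader than a build job needs; the same grant is added to build-maccatalyst in this file, to both build jobs in publish.yml and to the test job in test.yml. Uploading artifacts and using the cache go through the runner's own runtime token and need no `actions` scope, whereas `actions: write` lets the job's GITHUB_TOKEN cancel or re-run workflow runs and delete artifacts and caches. The steps lie outside these hunks, so if none of them calls the Actions API this can drop to `actions: read` or be omitted. If one does, a comment next to the key such as `# actions: write is required by <step name> to <reason>` would record why the scope is there.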
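Review bot: The publish.yml job gated on both builds succeeding is the only job in these hunks given `contents: write`, and its first step is a checkout whose options are outside the hunk. If that step is actions/checkout with default settings, the token stays in the local git config for the rest of the job, so every later step, including any third-party release action, can read a write-scoped credential. If the release is created through the API rather than `git push`, set `persist-credentials: false` on that checkout. `actions: read` is only needed when artifacts are fetched from a different workflow run, so confirm it is required here.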
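Review bot: `checks: write` on the test job only takes effect when the run is allowed a write token; for pull requests from forks GitHub normally caps GITHUB_TOKEN at read-only regardless of this block, so a step that publishes a check run would fail there. The workflow triggers are outside the hunk, so confirm which events run this job. If fork PRs need test reporting, keep the publishing step in a separate `workflow_run` workflow rather than switching this one to `pull_request_target`, which runs with a write token and becomes dangerous once the PR head is checked out.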