security: add explicit permissions to all workflow jobs

- Add least-privilege permissions to all GitHub Actions jobs
- Fixes 8 CodeQL security findings (actions/missing-workflow-permissions)
- Build jobs: contents:read, actions:write
- Release job: contents:write, actions:read
- Test job: contents:read, checks:write, actions:write
- Status jobs: no permissions needed

Follows principle of least privilege and GitHub Actions security best practices.
2025-11-19 00:25:01 +02:00
parent 546b1ae25e
commit 76b48f1ef7
3 changed files with 21 additions and 0 deletions

@@ -10,6 +10,10 @@ jobs:
test:
name: Run Tests
runs-on: ubuntu-latest
permissions:
contents: read
checks: write
actions: write
steps:
- name: Checkout code
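
Review bot: `actions: write` on the `test` job is not justified by anything visible in this hunk, where the only step shown is the checkout, which is covered by `contents: read`. If a later step really needs to modify Actions resources, add a short comment beside the grant naming that step; otherwise drop the line or narrow it to `actions: read`, so the job's token matches the least-privilege goal stated in the commit message. The same applies to `checks: write`: a one-line comment naming the step that publishes check results would let the next reviewer confirm the scope is still needed.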