[actions] restrict permissions for GITHUB_TOKEN

2021-09-10 06:09:45 +00:00
parent 2dad0455ec
commit 59532c74c6
8 changed files with 32 additions and 0 deletions
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -4,6 +4,8 @@ on: [pull_request, push]

 jobs:
  shellcheck_matrix:
+    permissions:
+      contents: read
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
@@ -32,6 +34,8 @@ jobs:
        run: shellcheck -s ${{ matrix.shell }} ${{ matrix.file }}

  shellcheck:
+      permissions:
+        contents: none
      needs: [shellcheck_matrix]
      runs-on: ubuntu-latest
      steps: