reduced permissions of GitHub actions (#4403)

This commit is contained in:
Oliver Stöneberg 2022-08-26 23:25:07 +02:00 committed by GitHub
parent 0e788fb697
commit cf1271889a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
18 changed files with 54 additions and 0 deletions

View File

@ -6,6 +6,9 @@ name: CI-cygwin
on: [push,pull_request] on: [push,pull_request]
permissions:
contents: read
defaults: defaults:
run: run:
shell: cmd shell: cmd

View File

@ -6,6 +6,9 @@ name: CI-mingw
on: [push,pull_request] on: [push,pull_request]
permissions:
contents: read
defaults: defaults:
run: run:
shell: cmd shell: cmd

View File

@ -4,6 +4,9 @@ name: CI-unixish-docker
on: [push, pull_request] on: [push, pull_request]
permissions:
contents: read
jobs: jobs:
build: build:

View File

@ -4,6 +4,9 @@ name: CI-unixish
on: [push, pull_request] on: [push, pull_request]
permissions:
contents: read
jobs: jobs:
build: build:

View File

@ -6,6 +6,9 @@ name: CI-windows
on: [push,pull_request] on: [push,pull_request]
permissions:
contents: read
defaults: defaults:
run: run:
shell: cmd shell: cmd

View File

@ -4,6 +4,9 @@ name: address sanitizer
on: [push, pull_request] on: [push, pull_request]
permissions:
contents: read
jobs: jobs:
build: build:

View File

@ -2,6 +2,9 @@ name: Build manual
on: [push, pull_request] on: [push, pull_request]
permissions:
contents: read
jobs: jobs:
convert_via_pandoc: convert_via_pandoc:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04

View File

@ -4,6 +4,9 @@ name: clang-tidy
on: [push, pull_request] on: [push, pull_request]
permissions:
contents: read
jobs: jobs:
build: build:

View File

@ -2,6 +2,9 @@ name: "CodeQL"
on: [push, pull_request] on: [push, pull_request]
permissions:
contents: read
jobs: jobs:
analyze: analyze:
name: Analyze name: Analyze

View File

@ -4,6 +4,9 @@ name: Coverage
on: [push, pull_request] on: [push, pull_request]
permissions:
contents: read
jobs: jobs:
build: build:

View File

@ -4,6 +4,9 @@ name: format
on: [push, pull_request] on: [push, pull_request]
permissions:
contents: read
jobs: jobs:
build: build:

View File

@ -4,6 +4,9 @@ name: include-what-you-use
on: workflow_dispatch on: workflow_dispatch
permissions:
contents: read
jobs: jobs:
build: build:

View File

@ -12,6 +12,9 @@ on:
- cron: '0 0 * * *' - cron: '0 0 * * *'
workflow_dispatch: workflow_dispatch:
permissions:
contents: read
defaults: defaults:
run: run:
shell: cmd shell: cmd

View File

@ -4,6 +4,9 @@ name: scriptcheck
on: [push, pull_request] on: [push, pull_request]
permissions:
contents: read
jobs: jobs:
build: build:

View File

@ -4,6 +4,9 @@ name: selfcheck
on: [push, pull_request] on: [push, pull_request]
permissions:
contents: read
jobs: jobs:
build: build:

View File

@ -4,6 +4,9 @@ name: thread sanitizer
on: [push, pull_request] on: [push, pull_request]
permissions:
contents: read
jobs: jobs:
build: build:

View File

@ -4,6 +4,9 @@ name: undefined behaviour sanitizers
on: [push, pull_request] on: [push, pull_request]
permissions:
contents: read
jobs: jobs:
build: build:

View File

@ -5,6 +5,9 @@ name: valgrind
# on: [push, pull_request] # on: [push, pull_request]
on: workflow_dispatch on: workflow_dispatch
permissions:
contents: read
jobs: jobs:
build: build: