CI: define read-only permission for GitHub Workflow (#1175)

It secures the repo against erroneous or malicious actions from external jobs you call from your workflow. It's specially important for the case they get compromised, for example.

CI: define read-only permission for GitHub Workflow (#1175)
It secures the repo against erroneous or malicious actions from external jobs you call from your workflow. It's specially important for the case they get compromised, for example.
d7f672d1 · Diogo Teles Sant'Anna · GitHub · bdc5582b · d7f672d1
Unverified Commit d7f672d1 authored Mar 04, 2023 by Diogo Teles Sant'Anna Committed by GitHub Mar 03, 2023
Show whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

.github/workflows/build.yml .github/workflows/build.yml +1 -0

No files found.
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -5,6 +5,7 @@ on:
  pull_request:
    branches: [ master ]
  workflow_dispatch:
+permissions: read-all
 jobs:
  cmake-build:
      strategy: