diff options
| author | Naveen <[email protected]> | 2022-05-31 16:23:12 -0500 |
|---|---|---|
| committer | GitHub <[email protected]> | 2022-05-31 23:23:12 +0200 |
| commit | 023eb3380d09f916a53c54eb86670d8c5db5c6e6 (patch) | |
| tree | 06294f8691940027259a0a144fcf8db34e4c35d1 /.github/workflows/windows.yml | |
| parent | d0318aac4a7fada53bf3cf5be6d2128db7cff5c3 (diff) | |
| download | raylib-023eb3380d09f916a53c54eb86670d8c5db5c6e6.tar.gz raylib-023eb3380d09f916a53c54eb86670d8c5db5c6e6.zip | |
chore: Set permissions for GitHub actions (#2496)
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
Signed-off-by: naveen <[email protected]>
Diffstat (limited to '.github/workflows/windows.yml')
| -rw-r--r-- | .github/workflows/windows.yml | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 34d2db5f..4d6357cc 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -15,8 +15,13 @@ on: release: types: [published] +permissions: + contents: read + jobs: build: + permissions: + contents: write # for actions/upload-release-asset to upload release asset runs-on: windows-latest strategy: fail-fast: false |