Limit token permissions in GitHub workflows (#440)

See ea7e27ed41/docs/checks.md (token-permissions)
2025-11-26 17:09:10 +08:00 · 2024-11-13 19:01:45 -07:00
parent af45dcfe3c
commit 07e0f1c008
29 changed files with 129 additions and 17 deletions
--- a/.github/workflows/update-checksums-file.yml
+++ b/.github/workflows/update-checksums-file.yml
@@ -7,11 +7,13 @@ on:
  workflow_dispatch:

 permissions:
-  contents: write
-  pull-requests: write
+  contents: read

 jobs:
  update-checksums:
+    permissions:
+      contents: write
+      pull-requests: write
    name: Update checksums
    runs-on: ubuntu-latest