Skip to content

Commit 776d39f

Browse files
hugovkhugovk
authored
[3.11] Default GHA permissions to contents: read (GH-148346) (#148389)
(cherry picked from commit 9c9df8a)
1 parent 642865d commit 776d39f

File tree

11 files changed

+22
-11
lines changed

11 files changed

+22
-11
lines changed

.github/workflows/build.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,8 @@ on:
1111
- 'main'
1212
- '3.*'
1313

14-
permissions: {}
14+
permissions:
15+
contents: read
1516

1617
concurrency:
1718
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}-reusable

.github/workflows/lint.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,8 @@ name: Lint
22

33
on: [push, pull_request, workflow_dispatch]
44

5-
permissions: {}
5+
permissions:
6+
contents: read
67

78
env:
89
FORCE_COLOR: 1

.github/workflows/new-bugs-announce-notifier.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,8 @@ on:
55
types:
66
- opened
77

8-
permissions: {}
8+
permissions:
9+
contents: read
910

1011
jobs:
1112
notify-new-bugs-announce:

.github/workflows/require-pr-label.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,8 @@ on:
44
pull_request:
55
types: [opened, reopened, labeled, unlabeled, synchronize]
66

7-
permissions: {}
7+
permissions:
8+
contents: read
89

910
jobs:
1011
label:

.github/workflows/reusable-docs.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,8 @@ on:
44
workflow_call:
55
workflow_dispatch:
66

7-
permissions: {}
7+
permissions:
8+
contents: read
89

910
concurrency:
1011
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}

.github/workflows/reusable-macos.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,8 @@ on:
99
type: boolean
1010
default: false
1111

12-
permissions: {}
12+
permissions:
13+
contents: read
1314

1415
jobs:
1516
build_macos:

.github/workflows/reusable-ubuntu.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,8 @@ on:
88
required: true
99
type: string
1010

11-
permissions: {}
11+
permissions:
12+
contents: read
1213

1314
env:
1415
FORCE_COLOR: 1

.github/workflows/reusable-windows.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,8 @@ on:
66
type: boolean
77
default: false
88

9-
permissions: {}
9+
permissions:
10+
contents: read
1011

1112
jobs:
1213
build_win32:

.github/workflows/stale.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,8 @@ on:
44
schedule:
55
- cron: "0 0 * * *"
66

7-
permissions: {}
7+
permissions:
8+
contents: read
89

910
jobs:
1011
stale:

.github/workflows/verify-ensurepip-wheels.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,8 @@ on:
1313
- '.github/workflows/verify-ensurepip-wheels.yml'
1414
- 'Tools/scripts/verify_ensurepip_wheels.py'
1515

16-
permissions: {}
16+
permissions:
17+
contents: read
1718

1819
concurrency:
1920
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}

0 commit comments

Comments
 (0)