From b96e20c1d9be4e6d5ea3e48c9c97e5ecd02f6055 Mon Sep 17 00:00:00 2001 From: Varun Sharma Date: Sat, 21 May 2022 00:55:21 -0700 Subject: ci: add GitHub token permissions (#92999) --- .github/workflows/build.yml | 3 +++ .github/workflows/build_msi.yml | 3 +++ .github/workflows/doc.yml | 3 +++ .github/workflows/new-bugs-announce-notifier.yml | 5 ++++- 4 files changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e04633b..d800442 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -22,6 +22,9 @@ on: - '3.8' - '3.7' +permissions: + contents: read + jobs: check_source: name: 'Check for source changes' diff --git a/.github/workflows/build_msi.yml b/.github/workflows/build_msi.yml index ec18735..6044ae0 100644 --- a/.github/workflows/build_msi.yml +++ b/.github/workflows/build_msi.yml @@ -23,6 +23,9 @@ on: paths: - 'Tools/msi/**' +permissions: + contents: read + jobs: build_win32: name: 'Windows (x86) Installer' diff --git a/.github/workflows/doc.yml b/.github/workflows/doc.yml index 8c4a034..9cd2516 100644 --- a/.github/workflows/doc.yml +++ b/.github/workflows/doc.yml @@ -24,6 +24,9 @@ on: - 'Doc/**' - 'Misc/**' +permissions: + contents: read + jobs: build_doc: name: 'Docs' diff --git a/.github/workflows/new-bugs-announce-notifier.yml b/.github/workflows/new-bugs-announce-notifier.yml index 8cd8344..b2b6347 100644 --- a/.github/workflows/new-bugs-announce-notifier.yml +++ b/.github/workflows/new-bugs-announce-notifier.yml @@ -5,6 +5,9 @@ on: types: - opened +permissions: + issues: read + jobs: notify-new-bugs-announce: runs-on: ubuntu-latest @@ -39,7 +42,7 @@ jobs: assignee : issue.data.assignees.map(assignee => { return assignee.login }), body : issue.data.body }; - + const data = { from: "CPython Issues ", to: "new-bugs-announce@python.org", -- cgit v0.12