build: github Workflows security hardening (#11843)

2022-09-23 23:11:32 +02:00 · 2022-09-23 23:11:32 +02:00 · e292ad2b4c
parent fd2e1675f5
commit e292ad2b4c
2 changed files with 10 additions and 0 deletions
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@ -9,6 +9,10 @@ on:
  schedule:
    # Trigger every day at 16:00 UTC
    - cron:  '0 16 * * *'
+permissions:
+  contents: read # to fetch code (actions/checkout)
+  pull-requests: read # to fetch pull requests (golangci/golangci-lint-action)
+
 jobs:
  golangci-pr:
    if: github.ref != 'refs/heads/master'
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@ -24,9 +24,15 @@ on:
 ###############
 # Set the Job #
 ###############
+permissions: {}
+
 jobs:
  build:
    # Name the Job
+    permissions:
+      contents: read # to fetch code (actions/checkout)
+      statuses: write # to mark status of each linter run (github/super-linter)
+
    name: Lint Code Base
    # Set the agent to run on
    runs-on: ubuntu-latest