From 72679ad02751b4e9840ac835adc3e97ee1e65999 Mon Sep 17 00:00:00 2001 From: Winford Date: Sun, 17 Aug 2025 18:49:01 +0000 Subject: [PATCH 1/2] Add permissions to check-formatting workflow Adds read only permissions to workflow for security. Bumps checkout action to v5. Signed-off-by: Winford --- .github/workflows/check-formatting.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/check-formatting.yaml b/.github/workflows/check-formatting.yaml index 28fc159..1b6f13c 100644 --- a/.github/workflows/check-formatting.yaml +++ b/.github/workflows/check-formatting.yaml @@ -23,7 +23,11 @@ jobs: format-check: runs-on: ubuntu-24.04 container: erlang:28 + permissions: + contents: read + steps: + - name: "Install deps" run: | apt install -y git @@ -35,7 +39,8 @@ jobs: cd erlfmt rebar3 as release escriptize - - uses: actions/checkout@v4 + - name: "Checkout code" + uses: actions/checkout@v5 - name: "Check formatting with erlfmt" run: | From bbaa4d488990341b5e3c506156d644c9c5d606c5 Mon Sep 17 00:00:00 2001 From: Winford Date: Sun, 17 Aug 2025 18:52:30 +0000 Subject: [PATCH 2/2] Add permissions to reuse workflow Adds read only permissions to workflow for security. Bumps checkout action to v5. Signed-off-by: Winford --- .github/workflows/reuse-lint.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/reuse-lint.yaml b/.github/workflows/reuse-lint.yaml index a17156b..921c29f 100644 --- a/.github/workflows/reuse-lint.yaml +++ b/.github/workflows/reuse-lint.yaml @@ -13,7 +13,10 @@ concurrency: jobs: test: runs-on: ubuntu-24.04 + permissions: + contents: read + steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: REUSE Compliance Check uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542