
Commit a50c00d

committed
scope permissions, cache requires write
1 parent 916b1a6 commit a50c00d


1 file changed

+26
-0
lines changed


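--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,5 +1,8 @@
 name: CI
 
+permissions:
+contents: read
+
 on:
 push:
 branches: [main]
@@ -18,6 +21,8 @@ jobs:
 name: test ${{ matrix.rust }} ${{ matrix.flags }} (${{ matrix.os }})
 runs-on: ${{ matrix.os }}
 timeout-minutes: 30
+permissions:
+actions: write
 strategy:
 fail-fast: false
 matrix:
@@ -30,6 +35,8 @@ jobs:
 flags: "--all-features"
 steps:
 - uses: actions/checkout@v5
+with:
+persist-credentials: false
 - uses: dtolnay/rust-toolchain@master
 with:
 toolchain: ${{ matrix.rust }}
@@ -48,8 +55,12 @@ jobs:
 doctest:
 runs-on: ubuntu-latest
 timeout-minutes: 30
+permissions:
+actions: write
 steps:
 - uses: actions/checkout@v5
+with:
+persist-credentials: false
 - uses: dtolnay/rust-toolchain@stable
 - uses: Swatinem/rust-cache@v2
 with:
@@ -59,8 +70,12 @@ jobs:
 feature-checks:
 runs-on: ubuntu-latest
 timeout-minutes: 30
+permissions:
+actions: write
 steps:
 - uses: actions/checkout@v5
+with:
+persist-credentials: false
 - uses: dtolnay/rust-toolchain@stable
 - uses: taiki-e/install-action@cargo-hack
 - uses: Swatinem/rust-cache@v2
@@ -72,8 +87,12 @@ jobs:
 clippy:
 runs-on: ubuntu-latest
 timeout-minutes: 30
+permissions:
+actions: write
 steps:
 - uses: actions/checkout@v5
+with:
+persist-credentials: false
 - uses: dtolnay/rust-toolchain@stable
 with:
 components: clippy
@@ -87,8 +106,12 @@ jobs:
 docs:
 runs-on: ubuntu-latest
 timeout-minutes: 30
+permissions:
+actions: write
 steps:
 - uses: actions/checkout@v5
+with:
+persist-credentials: false
 - uses: dtolnay/rust-toolchain@nightly
 - uses: Swatinem/rust-cache@v2
 with:
@@ -102,6 +125,8 @@ jobs:
 timeout-minutes: 30
 steps:
 - uses: actions/checkout@v5
+with:
+persist-credentials: false
 - uses: dtolnay/rust-toolchain@nightly
 with:
 components: rustfmt
@@ -113,6 +138,7 @@ jobs:
 ci-success:
 runs-on: ubuntu-latest
 if: always()
+permissions: {}
 needs:
 - test
 - doctest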
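Review bot: The job-level `permissions:` blocks added to test, doctest, feature-checks, clippy and docs (new lines 24–25, 58–59, 73–74, 90–91, 109–110) grant only `actions: write`, and a job-level block replaces the workflow-level one instead of merging with it, so `contents` drops to `none` in those jobs; checkout still succeeds on a public repository but would fail on a private one. It is also worth confirming that the write scope is needed at all: cache save and restore normally authenticate with the runner's own runtime token, not `GITHUB_TOKEN`, in which case `actions: write` mainly adds the ability to cancel runs and delete caches and artifacts for every step in the job, including actions referenced by mutable refs such as `dtolnay/rust-toolchain@master` and `Swatinem/rust-cache@v2`. If caching works without it, drop the job-level blocks so these jobs inherit `contents: read`; if it does not, list both scopes (`contents: read` and `actions: write`) and add a comment such as `# job-level permissions replace the workflow default; actions: write is only for rust-cache`. The step lists of these jobs continue outside the hunks, so whether every one of them actually uses the cache is not visible here.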
