From df86d1f33bc9995325be529ef86d06a5fa88649f Mon Sep 17 00:00:00 2001 From: Martin Costello Date: Fri, 15 Aug 2025 17:06:30 +0100 Subject: [PATCH] Update workflow permissions Set workflow permissions to none and add job-level permissions instead. --- .github/workflows/benchmark.yml | 6 ++++-- .github/workflows/build.yml | 6 ++++-- .github/workflows/lint.yml | 6 ++++-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index 19a3d93a..fde5bbff 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -19,14 +19,16 @@ on: - '**/*.md' workflow_dispatch: -permissions: - contents: read +permissions: {} jobs: benchmark: name: benchmark runs-on: ubuntu-latest + permissions: + contents: read + steps: - name: Checkout code diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 13519155..65591c8a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,8 +14,7 @@ on: - dotnet-nightly workflow_dispatch: -permissions: - contents: read +permissions: {} env: DOTNET_NOLOGO: true @@ -30,6 +29,9 @@ jobs: name: ${{ matrix.os }} runs-on: ${{ matrix.os }} + permissions: + contents: read + strategy: fail-fast: false matrix: diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index f13a9b85..53a85047 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -14,8 +14,7 @@ on: - dotnet-nightly workflow_dispatch: -permissions: - contents: read +permissions: {} env: FORCE_COLOR: 3 @@ -25,6 +24,9 @@ jobs: lint: runs-on: ubuntu-latest + permissions: + contents: read + steps: - name: Checkout code