Restrict permissions of GitHub actions

uklotzde · orottier · commit 475ee8111750 · 2023-07-15T13:12:30.000+02:00
diff --git a/.github/workflows/msrv.yaml b/.github/workflows/msrv.yaml
@@ -2,8 +2,10 @@
 
 name: msrv
 
-# read-only repo token
-# no access to secrets
+# read-only repo token, no access to secrets
+permissions:
+  contents: read
+
 on:
   push:
     branches: [main]
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
@@ -3,6 +3,7 @@
 # Same name as the file for consistent identification
 name: pre-commit
 
+# read-only repo token, no access to secrets
 permissions:
   contents: read
 
diff --git a/.github/workflows/rust.yaml b/.github/workflows/rust.yaml
@@ -2,7 +2,10 @@
 
 name: Build
 
-# read-only repo token
+# read-only repo token, no access to secrets
+permissions:
+  contents: read
+
 # no access to secrets
 on:
   push:
