diff options
author | Alex Low <aleksandrosansan@gmail.com> | 2022-09-19 12:20:37 +0200 |
---|---|---|
committer | Christian Marangi <ansuelsmth@gmail.com> | 2022-09-19 15:02:27 +0200 |
commit | 715259940776843d8799bc39de8eb50eb764189b (patch) | |
tree | c1335df0ea5bb357ac2c91ab90157873acff8686 /.github/workflows/labeler.yml | |
parent | 412fcf3d4400f84551f3ead0514834c62d94a251 (diff) | |
download | upstream-715259940776843d8799bc39de8eb50eb764189b.tar.gz upstream-715259940776843d8799bc39de8eb50eb764189b.tar.bz2 upstream-715259940776843d8799bc39de8eb50eb764189b.zip |
build: harden GitHub workflow permissions
Grant pull-requests write permission to the labeler workflow and
read-only to everything else.
Signed-off-by: Alex Low <aleksandrosansan@gmail.com>
[ wrap to 80 columns and fix wrong author as requested by author itself ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Diffstat (limited to '.github/workflows/labeler.yml')
-rw-r--r-- | .github/workflows/labeler.yml | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 6bcdf51a89..420617809b 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -2,8 +2,15 @@ name: 'Pull Request Labeler' on: - pull_request_target +permissions: + contents: read + jobs: labeler: + permissions: + contents: read # to determine modified files (actions/labeler) + pull-requests: write # to add labels to PRs (actions/labeler) + name: Pull Request Labeler runs-on: ubuntu-latest steps: |