diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 05ede2e9..74f5e9d6 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -1,19 +1,21 @@ --- name: Docs + on: push: branches: [main] pull_request: branches: [main] +permissions: + # This workflow pushes to the gh-pages branch, so the token needs write + # privileges for repo contents. + contents: write + jobs: docs: name: Build documentation runs-on: ubuntu-latest - permissions: - # This job pushes to the gh-pages branch, so the token needs write - # privileges for repo contents. - contents: write steps: - name: Checkout repository uses: actions/checkout@v2 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 399b6637..e8fcd42b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,6 +7,9 @@ on: paths: - 'configure.ac' +permissions: + contents: read + jobs: ci-release-build: name: "Sanity check release commits" diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 0dce242a..ef6e38a7 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -1,11 +1,15 @@ --- name: Rust + on: push: branches: [main] pull_request: branches: [main] +permissions: + contents: read + env: CARGO_TERM_COLOR: always ACTIONS_LINTS_TOOLCHAIN: 1.53.0 diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 45626be2..df1b1e07 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -1,11 +1,15 @@ --- name: Tests + on: push: branches: [main] pull_request: branches: [main] +permissions: + contents: read + jobs: tests: # Distro configuration matrix