workflows: limit permissions to reading repo contents

Move the existing docs permissions stanza to the top of the workflow for
consistency.
This commit is contained in:
Benjamin Gilbert 2021-07-28 18:32:04 -04:00
parent 079528971c
commit d9483f89ad
4 changed files with 17 additions and 4 deletions

View File

@ -1,19 +1,21 @@
---
name: Docs
on:
push:
branches: [main]
pull_request:
branches: [main]
permissions:
# This workflow pushes to the gh-pages branch, so the token needs write
# privileges for repo contents.
contents: write
jobs:
docs:
name: Build documentation
runs-on: ubuntu-latest
permissions:
# This job pushes to the gh-pages branch, so the token needs write
# privileges for repo contents.
contents: write
steps:
- name: Checkout repository
uses: actions/checkout@v2

View File

@ -7,6 +7,9 @@ on:
paths:
- 'configure.ac'
permissions:
contents: read
jobs:
ci-release-build:
name: "Sanity check release commits"

View File

@ -1,11 +1,15 @@
---
name: Rust
on:
push:
branches: [main]
pull_request:
branches: [main]
permissions:
contents: read
env:
CARGO_TERM_COLOR: always
ACTIONS_LINTS_TOOLCHAIN: 1.53.0

View File

@ -1,11 +1,15 @@
---
name: Tests
on:
push:
branches: [main]
pull_request:
branches: [main]
permissions:
contents: read
jobs:
tests:
# Distro configuration matrix