Skip to content

Commit

Permalink
Explicit permissions for each job
Browse files Browse the repository at this point in the history
  • Loading branch information
@TWiStErRob
TWiStErRob committed Feb 2, 2024
1 parent a5d58a1 commit 7c9fdbf
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 3 deletions.
8 changes: 5 additions & 3 deletions .github/workflows/gradle-dependency-submission.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,14 @@ on:
branches:
- main

permissions:
contents: write

jobs:
dependency-submission:
runs-on: ubuntu-latest

permissions:
# The Dependency Submission API requires write permission.
contents: write

steps:

- name: "Checkout sources"
Expand Down
4 changes: 4 additions & 0 deletions .github/workflows/merge-check.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,10 @@ jobs:
matrix:
os: [ macos-latest, ubuntu-latest ]
if: ${{ !contains(github.event.head_commit.message, 'ci skip') }}

permissions:
contents: read

steps:

- name: "Checkout sources"
Expand Down
4 changes: 4 additions & 0 deletions .github/workflows/publish-snapshot.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,10 @@ jobs:
publish:
name: "Publish to Sonatype"
runs-on: macos-latest

permissions:
contents: read

steps:

- name: "Checkout sources"
Expand Down

0 comments on commit 7c9fdbf

Please sign in to comment.