This is an automated email from the ASF dual-hosted git repository.
jongyoul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zeppelin.git
The following commit(s) were added to refs/heads/master by this push:
new 1640e2da4f [MINOR] Set permissions for GitHub actions (#4386)
1640e2da4f is described below
commit 1640e2da4fee165b5305b0f94e2c5296410f964a
Author: Naveen <172697+naveensriniva...@users.noreply.github.com>
AuthorDate: Sun Jul 10 05:51:44 2022 -0500
[MINOR] Set permissions for GitHub actions (#4386)
Restrict the GitHub token permissions only to the required ones; this way,
even if the attackers will succeed in compromising your workflow, they won’t be
able to do much.
- Included permissions for the action.
https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn
requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
Signed-off-by: naveen <172697+naveensriniva...@users.noreply.github.com>
---
.github/workflows/quick.yml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/.github/workflows/quick.yml b/.github/workflows/quick.yml
index 4783d9c08b..98bd9ffa87 100644
--- a/.github/workflows/quick.yml
+++ b/.github/workflows/quick.yml
@@ -7,6 +7,9 @@ on:
- branch-*
types: [opened, synchronize]
+permissions:
+ contents: read
+
jobs:
license-check:
runs-on: ubuntu-20.04
