This is an automated email from the ASF dual-hosted git repository.
pdallig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zeppelin.git
The following commit(s) were added to refs/heads/master by this push:
new 23f4028d49 GitHub Workflows security hardening (#4467)
23f4028d49 is described below
commit 23f4028d49a2a6993f373138f856a8f0e7bc9108
Author: Alex <aleksandrosan...@gmail.com>
AuthorDate: Thu Sep 22 09:52:18 2022 +0200
GitHub Workflows security hardening (#4467)
* build: harden frontend.yml permissions
Signed-off-by: Alex <aleksandrosan...@gmail.com>
* build: harden core.yml permissions
Signed-off-by: Alex <aleksandrosan...@gmail.com>
---
.github/workflows/core.yml | 3 +++
.github/workflows/frontend.yml | 3 +++
2 files changed, 6 insertions(+)
diff --git a/.github/workflows/core.yml b/.github/workflows/core.yml
index 3ea6a07aa6..a31ba5a73d 100644
--- a/.github/workflows/core.yml
+++ b/.github/workflows/core.yml
@@ -25,6 +25,9 @@ defaults:
run:
shell: bash -l {0}
+permissions:
+ contents: read # to fetch code (actions/checkout)
+
jobs:
# test on core-modules
(zeppelin-interpreter,zeppelin-zengine,zeppelin-server),
# some interpreters are included, because zeppelin-server test depends on
them: spark, shell & markdown
diff --git a/.github/workflows/frontend.yml b/.github/workflows/frontend.yml
index fedecf1603..a3a04e309c 100644
--- a/.github/workflows/frontend.yml
+++ b/.github/workflows/frontend.yml
@@ -21,6 +21,9 @@ env:
ZEPPELIN_LOCAL_IP: 127.0.0.1
INTERPRETERS:
'!hbase,!jdbc,!file,!flink,!cassandra,!elasticsearch,!bigquery,!alluxio,!livy,!groovy,!java,!neo4j,!submarine,!sparql,!mongodb'
+permissions:
+ contents: read # to fetch code (actions/checkout)
+
jobs:
run-e2e-tests-in-zeppelin-web:
runs-on: ubuntu-20.04
