mirror of
https://github.com/neovim/neovim.git
synced 2026-03-28 03:12:00 +00:00
ci: set default permissions for workflows
The default workflow permissions are overly broad; setting permissions explicitly at the workflow level ensures excessive permissions are not unintentionally granted to jobs. For details, see: https://docs.zizmor.sh/audits/#excessive-permissions
This commit is contained in:
Daniel Hast
2
.github/workflows/codeql.yml
vendored
2
.github/workflows/codeql.yml
vendored
@@ -12,6 +12,8 @@ on:
|
||||
branches: [ "master" ]
|
||||
workflow_dispatch:
|
||||
|
||||
permissions: {}
|
||||
|
||||
jobs:
|
||||
analyze:
|
||||
name: Analyze
|
||||
|
||||
Reference in New Issue
Block a user