add permissions to github actions

author: mattip <matti.picus@gmail.com> 2022-10-02 19:51:32 +0300
committer: mattip <matti.picus@gmail.com> 2022-10-02 19:51:32 +0300
commit: 423368e53448685aae8a46217d9a92db5e611b6d (patch)
tree: 07ed07c844b6c942aa78411a4d74f166335b77fd /.github
parent: a5d2c58a55852f6e302e8362e9d703485d27bead (diff)
download: numpy-423368e53448685aae8a46217d9a92db5e611b6d.tar.gz
7 files changed, 22 insertions, 0 deletions
diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml
index 2b59206c2..598a4945d 100644
--- a/.github/workflows/build_test.yml
+++ b/.github/workflows/build_test.yml
@@ -22,6 +22,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   lint:
     if: "github.repository == 'numpy/numpy' && github.ref != 'refs/heads/main' && !contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]') && !contains(github.event.head_commit.message, '[skip github]')"
diff --git a/.github/workflows/circleci.yml b/.github/workflows/circleci.yml
index 153e46d80..63c666891 100644
--- a/.github/workflows/circleci.yml
+++ b/.github/workflows/circleci.yml
@@ -1,6 +1,10 @@
 # To enable this workflow on a fork, comment out:
 #
 # if: github.repository == 'numpy/numpy'
+
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 on: [status]
 jobs:
   circleci_artifacts_redirector_job:
diff --git a/.github/workflows/cygwin.yml b/.github/workflows/cygwin.yml
index a7638174e..ba058f92e 100644
--- a/.github/workflows/cygwin.yml
+++ b/.github/workflows/cygwin.yml
@@ -14,6 +14,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   cygwin_build_test:
     runs-on: windows-latest
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index a220eb9ca..712348d08 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -7,6 +7,9 @@ on:
     paths:
       - 'environment.yml'
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs: 
   build:
     name: Build base Docker image 
diff --git a/.github/workflows/gitpod.yml b/.github/workflows/gitpod.yml
index 1c33566a5..e1fe6f09c 100644
--- a/.github/workflows/gitpod.yml
+++ b/.github/workflows/gitpod.yml
@@ -5,6 +5,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   build:
     name: Build Gitpod Docker image
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index 99db967b3..11eb110b2 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -3,6 +3,9 @@ on:
   pull_request_target:
     types: [opened, synchronize, reopened, edited]
 
+permissions:
+  contents: write # to add labels
+
 jobs:
   pr-labeler:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml
index 4169a0b3f..13f2abbd0 100644
--- a/.github/workflows/wheels.yml
+++ b/.github/workflows/wheels.yml
@@ -31,6 +31,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   get_commit_message:
     name: Get commit message
author	mattip <matti.picus@gmail.com>	2022-10-02 19:51:32 +0300
committer	mattip <matti.picus@gmail.com>	2022-10-02 19:51:32 +0300
commit	423368e53448685aae8a46217d9a92db5e611b6d (patch)
tree	07ed07c844b6c942aa78411a4d74f166335b77fd /.github
parent	a5d2c58a55852f6e302e8362e9d703485d27bead (diff)
download	numpy-423368e53448685aae8a46217d9a92db5e611b6d.tar.gz