Added permissions to GitHub Actions jobs

2026-03-29 11:51:37 +00:00 · 2026-03-22 14:53:05 +01:00 · 2026-03-22 14:53:05 +01:00 · 5e8fce8907
commit 5e8fce8907
parent 309d36897e
1 changed files with 5 additions and 0 deletions
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@ -14,6 +14,8 @@ jobs:
  read_metadata:
    name: Read metadata
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    outputs:
      formatted_version: ${{ steps.format_metadata.outputs.formatted_version }}
      formatted_build_time: ${{ steps.format_metadata.outputs.formatted_build_time }}
@ -80,6 +82,8 @@ jobs:
  build_main:
    name: Build app (${{ matrix.dotnet_runtime }})
    needs: read_metadata
+    permissions:
+      contents: read
    
    strategy:
      fail-fast: true
@ -703,6 +707,7 @@ jobs:
    runs-on: ubuntu-latest
    needs: [build_main, read_metadata]
    if: startsWith(github.ref, 'refs/tags/v')
+    permissions: {}
    steps:
      - name: Create artifact directory
        run: mkdir -p $GITHUB_WORKSPACE/artifacts