Re: [zeppelin] branch master updated: [MINOR] Set permissions for GitHub actions (#4386)

[emmanuel warreng <em...@gmail.com>]

Unsubscribe

On Sun, Jul 10, 2022, 12:51 <jo...@apache.org> wrote:

> This is an automated email from the ASF dual-hosted git repository.
>
> jongyoul pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/zeppelin.git
>
>
> The following commit(s) were added to refs/heads/master by this push:
>      new 1640e2da4f [MINOR] Set permissions for GitHub actions (#4386)
> 1640e2da4f is described below
>
> commit 1640e2da4fee165b5305b0f94e2c5296410f964a
> Author: Naveen <17...@users.noreply.github.com>
> AuthorDate: Sun Jul 10 05:51:44 2022 -0500
>
>     [MINOR] Set permissions for GitHub actions (#4386)
>
>     Restrict the GitHub token permissions only to the required ones; this
> way, even if the attackers will succeed in compromising your workflow, they
> won’t be able to do much.
>
>     - Included permissions for the action.
> https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
>
>
> https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
>
>
> https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
>
>     [Keeping your GitHub Actions and workflows secure Part 1: Preventing
> pwn requests](
> https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
> )
>
>     Signed-off-by: naveen <
> 172697+naveensrinivasan@users.noreply.github.com>
> ---
>  .github/workflows/quick.yml | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/.github/workflows/quick.yml b/.github/workflows/quick.yml
> index 4783d9c08b..98bd9ffa87 100644
> --- a/.github/workflows/quick.yml
> +++ b/.github/workflows/quick.yml
> @@ -7,6 +7,9 @@ on:
>        - branch-*
>      types: [opened, synchronize]
>
> +permissions:
> +  contents: read
> +
>  jobs:
>    license-check:
>      runs-on: ubuntu-20.04
>
>