Posted to commits@jena.apache.org by rv...@apache.org on 2022/04/11 08:38:54 UTC

[jena] branch main updated: Set permissions for GitHub actions

This is an automated email from the ASF dual-hosted git repository.

rvesse pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/jena.git


The following commit(s) were added to refs/heads/main by this push:
     new 2ac1a94e9f Set permissions for GitHub actions
     new 3956004108 Merge pull request #1255 from turrisxyz/naveen/feat/set-perms-actions
2ac1a94e9f is described below

commit 2ac1a94e9f4ed5625b586828cc0d8541df6e137e
Author: neilnaveen <42...@users.noreply.github.com>
AuthorDate: Mon Apr 11 01:10:31 2022 +0000

    Set permissions for GitHub actions
    
    - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
    
    https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
    
    https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
    
    [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
    
    Restrict the GitHub token permissions only to the required ones; this way, even if attackers succeed in compromising your workflow, they won’t be able to do much.
    
    Signed-off-by: neilnaveen <42...@users.noreply.github.com>
---
 .github/workflows/maven.yml         | 3 +++
 .github/workflows/maven_macos.yml   | 3 +++
 .github/workflows/maven_windows.yml | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index 175fffe285..a7c379faf5 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -9,6 +9,9 @@ on: workflow_dispatch
 #  pull_request:
 #    branches: [ main ]
 
+permissions:
+  contents: read
+
 jobs:
   build:
 
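Review bot: The top-level `permissions:` block added before `jobs:` applies to every job in maven.yml, and once any scope is declared, every scope not listed is set to none, yet the steps of `build` are not visible in this hunk. Please confirm that no step uses GITHUB_TOKEN for anything beyond reading repository contents. If one does, grant that scope in a job-level `permissions:` block on that job instead of widening this one. The same applies if the commented-out `pull_request` trigger above is re-enabled later.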
diff --git a/.github/workflows/maven_macos.yml b/.github/workflows/maven_macos.yml
index 9b4caee41a..1678c3a59f 100644
--- a/.github/workflows/maven_macos.yml
+++ b/.github/workflows/maven_macos.yml
@@ -3,6 +3,9 @@
 name: Apache Jena CI (MacOS)
 on: workflow_dispatch
 
+permissions:
+  contents: read
+
 jobs:
   build:
 
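Review bot: The new `permissions:` block after `on: workflow_dispatch` carries no comment saying why it is there, and the commit message motivates it with the pwn-request article although this workflow only runs on manual dispatch. A one-line YAML comment above the block, for example `# Least privilege: GITHUB_TOKEN is read-only for all jobs`, would make the intent clear and discourage a later edit from removing or broadening it.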
diff --git a/.github/workflows/maven_windows.yml b/.github/workflows/maven_windows.yml
index 9e4bc2702e..98e5da2b79 100644
--- a/.github/workflows/maven_windows.yml
+++ b/.github/workflows/maven_windows.yml
@@ -3,6 +3,9 @@
 name: Apache Jena CI (MS Windows)
 on: workflow_dispatch
 
+permissions:
+  contents: read
+
 jobs:
   build:
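Review bot: The same three-line `permissions:` block is now copied by hand into all three workflow files, so a workflow added later without it falls back to the repository's default token permissions. Consider also setting the repository default for GITHUB_TOKEN to read-only, or running the Scorecard token-permissions check cited in the commit message in CI, so a missing block is caught rather than relying on each file repeating it.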