From 6e31e188914d075d1734f28390596c13949b5485 Mon Sep 17 00:00:00 2001 From: Pierre Date: Wed, 24 Jul 2024 18:11:16 +0200 Subject: [PATCH] reduce GITHUB_TOKEN permissions on QA --- .github/workflows/qa.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/qa.yml b/.github/workflows/qa.yml index f3af6f1..d73c25f 100644 --- a/.github/workflows/qa.yml +++ b/.github/workflows/qa.yml @@ -12,6 +12,7 @@ jobs: name: > 'args' input runs-on: ubuntu-latest + permissions: {} steps: - uses: actions/checkout@v4 with: @@ -29,6 +30,7 @@ jobs: name: > 'projectBaseDir' input runs-on: ubuntu-latest + permissions: {} steps: - uses: actions/checkout@v4 with: @@ -49,6 +51,7 @@ jobs: name: > 'SONAR_TOKEN' env var required runs-on: ubuntu-latest + permissions: {} steps: - uses: actions/checkout@v4 with: @@ -67,6 +70,7 @@ jobs: name: > Don't fail on Gradle project runs-on: ubuntu-latest + permissions: {} steps: - uses: actions/checkout@v4 with: @@ -87,6 +91,7 @@ jobs: name: > Don't fail on Kotlin Gradle project runs-on: ubuntu-latest + permissions: {} steps: - uses: actions/checkout@v4 with: @@ -107,6 +112,7 @@ jobs: name: > Don't fail on Maven project runs-on: ubuntu-latest + permissions: {} steps: - uses: actions/checkout@v4 with: @@ -127,6 +133,7 @@ jobs: name: > 'RUNNER_DEBUG' is used runs-on: ubuntu-latest + permissions: {} steps: - uses: actions/checkout@v4 with: