GitHub Workflows security hardening (#7136)

build: harden pip.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> Signed-off-by: Alex <aleksandrosansan@gmail.com>
halide · Oct 31, 2022 · 0c03ff8 · 0c03ff8
1 parent bd15cee
commit 0c03ff8
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/.github/workflows/pip.yml b/.github/workflows/pip.yml
@@ -17,6 +17,9 @@ concurrency:
 env:
  LLVM_VER: 15.0.1
 
+permissions:
+ contents: read # to fetch code (actions/checkout)
+
 jobs:
  pip-linux:
  name: Package Halide Python bindings