GH: explicitly set permissions in workflows
Some checks are pending
buildbot / buildbot (push) Waiting to run

These will override the default repo/org GITHUB_TOKEN scope.
This commit is contained in:
Andrew Clayton 2026-06-10 05:52:46 +01:00
parent 072f6fdbac
commit 8f3465ac7f
5 changed files with 16 additions and 0 deletions

View file

@ -6,6 +6,9 @@ on:
- master
- 'stable-1.*'
permissions:
contents: read
jobs:
buildbot:
uses: nginx/ci-self-hosted/.github/workflows/nginx-buildbot.yml@main

View file

@ -7,6 +7,9 @@ on:
pull_request:
types: [ opened, synchronize ]
permissions:
contents: read
jobs:
check-commit-messages:
runs-on: ubuntu-24.04

View file

@ -3,6 +3,10 @@ name: check-pr
on:
pull_request:
permissions:
contents: read
pull-requests: read
jobs:
check-pr:
uses: nginx/ci-self-hosted/.github/workflows/nginx-check-pr.yml@main

View file

@ -4,6 +4,9 @@ on:
pull_request:
types: [ opened, synchronize ]
permissions:
contents: read
jobs:
check-version-bump:
runs-on: ubuntu-24.04

View file

@ -6,6 +6,9 @@ on:
pull_request:
types: [ opened, synchronize ]
permissions:
contents: read
jobs:
check-whitespace:
runs-on: ubuntu-24.04