[Python-checkins] ci: add GitHub token permissions (GH-92999)
miss-islington
webhook-mailer at python.org
Mon Oct 10 15:37:42 EDT 2022
https://github.com/python/cpython/commit/126929760a758748ebe1c71176c299ed888e8d10
commit: 126929760a758748ebe1c71176c299ed888e8d10
branch: 3.11
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: miss-islington <31488909+miss-islington at users.noreply.github.com>
date: 2022-10-10T12:37:37-07:00
summary:
ci: add GitHub token permissions (GH-92999)
(cherry picked from commit b96e20c1d9be4e6d5ea3e48c9c97e5ecd02f6055)
Co-authored-by: Varun Sharma <varunsh at stepsecurity.io>
files:
M .github/workflows/build.yml
M .github/workflows/build_msi.yml
M .github/workflows/doc.yml
M .github/workflows/new-bugs-announce-notifier.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index bb08b2ff62d5..3576eff6e352 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -22,6 +22,9 @@ on:
- '3.8'
- '3.7'
+permissions:
+ contents: read
+
jobs:
check_source:
name: 'Check for source changes'
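Review bot: The workflow-level `permissions:` block added before `jobs:` carries no comment explaining that naming one scope sets every unlisted GITHUB_TOKEN scope to `none`. A step added later that needs to write (for example, commenting on a pull request) will then fail with a permission error unless its job declares its own `permissions:` block. I would add a line above the block such as `# Least privilege: unlisted scopes become none; grant extra scopes per job, not here.` The same applies to the blocks added in build_msi.yml, doc.yml and new-bugs-announce-notifier.yml (the last with `issues: read`). The hunks do not show whether any existing job in these workflows relies on a write scope, so that should be confirmed against the job definitions.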
diff --git a/.github/workflows/build_msi.yml b/.github/workflows/build_msi.yml
index ec18735e9b9f..6044ae0f7c29 100644
--- a/.github/workflows/build_msi.yml
+++ b/.github/workflows/build_msi.yml
@@ -23,6 +23,9 @@ on:
paths:
- 'Tools/msi/**'
+permissions:
+ contents: read
+
jobs:
build_win32:
name: 'Windows (x86) Installer'
diff --git a/.github/workflows/doc.yml b/.github/workflows/doc.yml
index 73a6a50520e0..e06f21671b5a 100644
--- a/.github/workflows/doc.yml
+++ b/.github/workflows/doc.yml
@@ -25,6 +25,9 @@ on:
- 'Misc/**'
- '.github/workflows/doc.yml'
+permissions:
+ contents: read
+
jobs:
build_doc:
name: 'Docs'
diff --git a/.github/workflows/new-bugs-announce-notifier.yml b/.github/workflows/new-bugs-announce-notifier.yml
index 8cd834419f00..b2b63472d834 100644
--- a/.github/workflows/new-bugs-announce-notifier.yml
+++ b/.github/workflows/new-bugs-announce-notifier.yml
@@ -5,6 +5,9 @@ on:
types:
- opened
+permissions:
+ issues: read
+
jobs:
notify-new-bugs-announce:
runs-on: ubuntu-latest
@@ -39,7 +42,7 @@ jobs:
assignee : issue.data.assignees.map(assignee => { return assignee.login }),
body : issue.data.body
};
-
+
const data = {
from: "CPython Issues <github at mg.python.org>",
to: "new-bugs-announce at python.org",