Skip to content

Commit 090fa98

Browse files
committed
fix(security): move GHA permissions to job level (SonarCloud S8264)
1 parent b0c2def commit 090fa98

File tree

1 file changed

+9
-2
lines changed

1 file changed

+9
-2
lines changed

.github/workflows/ci.yml

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,13 +6,14 @@ on:
66
pull_request:
77
branches: [main]
88

9-
permissions:
10-
contents: read
9+
permissions: {}
1110

1211
jobs:
1312
lint:
1413
name: Lint
1514
runs-on: ubuntu-latest
15+
permissions:
16+
contents: read
1617
continue-on-error: true # Allow migration to proceed
1718
steps:
1819
- uses: actions/checkout@v4
@@ -26,6 +27,8 @@ jobs:
2627
typecheck:
2728
name: Type Check
2829
runs-on: ubuntu-latest
30+
permissions:
31+
contents: read
2932
continue-on-error: true # Allow migration to proceed
3033
steps:
3134
- uses: actions/checkout@v4
@@ -39,6 +42,8 @@ jobs:
3942
test:
4043
name: Test
4144
runs-on: ubuntu-latest
45+
permissions:
46+
contents: read
4247
continue-on-error: true # Allow migration to proceed
4348
strategy:
4449
matrix:
@@ -61,6 +66,8 @@ jobs:
6166
build:
6267
name: Build
6368
runs-on: ubuntu-latest
69+
permissions:
70+
contents: read
6471
steps:
6572
- uses: actions/checkout@v4
6673
- uses: actions/setup-node@v4

0 commit comments

Comments
 (0)