authorAlex <aleksandrosansan@gmail.com>2022-11-10 03:41:07 +0200
committerGitHub <noreply@github.com>2022-11-10 07:11:07 +0530
commitc789fb778798d682a1b2d3c74180ba8d20c23552 (patch)
treec4243d67029ecefe8fb3675ca359421232e26944
parented6bec168dd6af955f4ec0165356ac76b944c537 (diff)
[build, test] Harden workflows' security (#5410)
Authored by: sashashura
-rw-r--r--.github/workflows/build.yml9
-rw-r--r--.github/workflows/core.yml3
-rw-r--r--.github/workflows/download.yml3
-rw-r--r--.github/workflows/quick-test.yml3
4 files changed, 15 insertions, 3 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 2a1b9a4aa..12e5426b1 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,8 +1,12 @@
name: Build
on: workflow_dispatch
+permissions:
+ contents: read
jobs:
prepare:
+ permissions:
+ contents: write # for push_release
runs-on: ubuntu-latest
outputs:
version_suffix: ${{ steps.version_suffix.outputs.version_suffix }}
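Review bot: The `contents: write` grant on `prepare` is job-wide, so every step in that job runs with a token that can push to the repository, not only the push_release step named in the comment. The job's steps lie outside this hunk, so whether any of them runs third-party code before the push cannot be checked from here. If any does, moving the push into its own small job would keep the write token away from it; at minimum the comment could say so, e.g. `contents: write  # for push_release; applies to every step in this job`. Because a job-level `permissions` block replaces the workflow-level one, scopes not listed here are `none` for this job.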
@@ -69,9 +73,6 @@ jobs:
python pyinst.py --onedir
(cd ./dist/yt-dlp_linux && zip -r ../yt-dlp_linux.zip .)
python pyinst.py
- - name: Get SHA2-SUMS
- id: get_sha
- run: |
- name: Upload artifacts
uses: actions/upload-artifact@v3
@@ -248,6 +249,8 @@ jobs:
publish_release:
+ permissions:
+ contents: write # for action-gh-release
runs-on: ubuntu-latest
needs: [prepare, build_unix, build_windows, build_windows32, build_macos, build_macos_legacy]
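Review bot: `publish_release` now hands a `contents: write` token to a release action, so how that action is pinned matters more than before. The `uses:` line is outside this hunk; if it pins by tag, as `actions/upload-artifact@v3` does in the previous hunk, a retagged or compromised release of the action would run with write access to the repository's contents and releases. Pinning by full commit SHA closes that, e.g. `uses: <owner>/action-gh-release@<full-commit-sha>  # <tag>` (placeholders, to be filled in from the workflow).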
diff --git a/.github/workflows/core.yml b/.github/workflows/core.yml
index d0e890b30..e12918626 100644
--- a/.github/workflows/core.yml
+++ b/.github/workflows/core.yml
@@ -1,5 +1,8 @@
name: Core Tests
on: [push, pull_request]
+permissions:
+ contents: read
+
jobs:
tests:
name: Core Tests
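Review bot: The added `permissions` block carries no comment saying that listing only `contents: read` sets every other token scope to `none`. A short comment above it would save the next contributor a failing run when a step needs another scope, e.g. `# Least privilege: unlisted scopes are none; grant extra scopes per job, not here`. The same applies to the identical blocks added in download.yml and quick-test.yml. These workflows run on `pull_request`, so a read-only default is the right baseline for them.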
diff --git a/.github/workflows/download.yml b/.github/workflows/download.yml
index cc2da62fa..2b2387d4f 100644
--- a/.github/workflows/download.yml
+++ b/.github/workflows/download.yml
@@ -1,5 +1,8 @@
name: Download Tests
on: [push, pull_request]
+permissions:
+ contents: read
+
jobs:
quick:
name: Quick Download Tests
diff --git a/.github/workflows/quick-test.yml b/.github/workflows/quick-test.yml
index 53b74e2c7..8a0ac98bb 100644
--- a/.github/workflows/quick-test.yml
+++ b/.github/workflows/quick-test.yml
@@ -1,5 +1,8 @@
name: Quick Test
on: [push, pull_request]
+permissions:
+ contents: read
+
jobs:
tests:
name: Core Test