pokemon/nuzlocke-tracker
1
1
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Restrict workflow permissions to contents: read
All checks were successful
CI / backend-lint (pull_request) Successful in 9s
Details
CI / actions-lint (pull_request) Successful in 15s
Details
CI / frontend-lint (pull_request) Successful in 20s
Details

Browse Source 
All CI jobs and the deploy workflow only need to read repo contents.
Adding explicit top-level permissions satisfies zizmor's
excessive-permissions audit.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Julian Tabel
2026-02-17 19:34:07 +01:00
parent 2675491216
commit 22d72e8a34
2 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/ci.yml vendored
View File

@@ -18,6 +18,9 @@ on:
- ".gitignore" - ".gitignore"
- ".github/workflows/deploy.yml" - ".github/workflows/deploy.yml"
permissions:
contents: read
jobs: jobs:
backend-lint: backend-lint:
runs-on: ubuntu-latest runs-on: ubuntu-latest

3
.github/workflows/deploy.yml vendored
View File

@@ -3,6 +3,9 @@ name: Deploy
on: on:
workflow_dispatch: workflow_dispatch:
permissions:
contents: read
jobs: jobs:
deploy: deploy:
runs-on: ubuntu-latest runs-on: ubuntu-latest