From 9725129d74ca465f1b27b20a561de3c133fb6a78 Mon Sep 17 00:00:00 2001 From: Alex Date: Tue, 20 Sep 2022 15:19:54 +0200 Subject: [PATCH] GitHub Workflows security hardening (#5992) * build: harden update-changelog.yml permissions Signed-off-by: Alex * build: harden tests.yml permissions Signed-off-by: Alex * Update update-changelog.yml * Update tests.yml Co-authored-by: Dries Vints --- .github/workflows/tests.yml | 10 +++++++++- .github/workflows/update-changelog.yml | 4 ++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index b27e503d..695d2b38 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -1,6 +1,14 @@ name: Tests -on: [push, pull_request] +on: + push: + branches: + - master + - '*.x' + pull_request: + +permissions: + contents: read jobs: tests: diff --git a/.github/workflows/update-changelog.yml b/.github/workflows/update-changelog.yml index 1625bda1..ebda6206 100644 --- a/.github/workflows/update-changelog.yml +++ b/.github/workflows/update-changelog.yml @@ -4,6 +4,10 @@ on: release: types: [released] +permissions: {} + jobs: update: + permissions: + contents: write uses: laravel/.github/.github/workflows/update-changelog.yml@main