CI: Add `permissions` to GitHub Actions This change locks down the permissions of the access token in GitHub Actions to only allow reading the repository contents and nothing else. see https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token

commit: 89c9d0a169cba49882044e081827971ba0b271cb [log] [tgz]
author: Tim Duesterhus <tim@bastelstu.be> Sat Oct 16 18:10:26 2021 +0200
committer: Willy Tarreau <w@1wt.eu> Mon Oct 18 07:17:04 2021 +0200
tree: fbd1277caeaf06d9a6c5d6a3ff8a07b20edeb522
parent: c5aa113d805aa31a59e3a26f5f656b1fa0d526d0 [diff] [blame]
diff --git a/.github/workflows/compliance.yml b/.github/workflows/compliance.yml
index 9f2bec2..fe6c271 100644
--- a/.github/workflows/compliance.yml
+++ b/.github/workflows/compliance.yml

@@ -5,6 +5,9 @@
   schedule:
     - cron: "0 0 * * 3"
 
+permissions:
+  contents: read
+
 jobs:
   h2spec:
     name: h2spec
commit	89c9d0a169cba49882044e081827971ba0b271cb	[log] [tgz]
author	Tim Duesterhus <tim@bastelstu.be>	Sat Oct 16 18:10:26 2021 +0200
committer	Willy Tarreau <w@1wt.eu>	Mon Oct 18 07:17:04 2021 +0200
tree	fbd1277caeaf06d9a6c5d6a3ff8a07b20edeb522
parent	c5aa113d805aa31a59e3a26f5f656b1fa0d526d0 [diff] [blame]