Harden GITHUB_TOKEN permissions

Signed-off-by: Craig Ingram <cjingram@google.com>
2022-11-01 10:56:38 -04:00
parent 8167751f56
commit a270d6e8ae
11 changed files with 48 additions and 1 deletions
--- a/.github/workflows/build-test-images.yml
+++ b/.github/workflows/build-test-images.yml
@@ -20,7 +20,7 @@ on:
        default: westeurope

 permissions:
-  packages: write
+  contents: read

 env:
  AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUB_ID }}
@@ -30,6 +30,8 @@ env:

 jobs:
  images:
+    permissions:
+      packages: write
    name: "Build volume test images"
    runs-on: ubuntu-latest
    timeout-minutes: 60