Harden GITHUB_TOKEN permissions

Signed-off-by: Craig Ingram <cjingram@google.com>
2022-11-01 10:56:38 -04:00
parent 8167751f56
commit a270d6e8ae
11 changed files with 48 additions and 1 deletions
--- a/.github/workflows/images.yml
+++ b/.github/workflows/images.yml
@@ -9,6 +9,9 @@ on:
      image:
        description: "Target image name (override)"

+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+
 jobs:
  mirror:
    name: "Mirror Image"