mirror of
https://github.com/moby/moby.git
synced 2026-01-11 18:51:37 +00:00
gha: govulncheck: make sure read permissions are set
If any permission is set, any permission not included in the list is implicitly set to "none". see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions The govulncheck check need read permissions, which is not problematic for public repositories, but may be needed when running in a private fork (such as those used for security releases). Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn
2
.github/workflows/ci.yml
vendored
2
.github/workflows/ci.yml
vendored
@@ -136,6 +136,8 @@ jobs:
|
||||
permissions:
|
||||
# required to write sarif report
|
||||
security-events: write
|
||||
# required to check out the repository
|
||||
contents: read
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
|
||||
Reference in New Issue
Block a user