From c1699ea80c93ba971b810496683aec3cf17a72f2 Mon Sep 17 00:00:00 2001 From: Martin Atkins Date: Mon, 3 Jan 2022 10:45:08 -0800 Subject: [PATCH] build: Constrain permissions for the "build" workflow steps This workflow only generates artifacts and doesn't need to modify anything about the repository. --- .github/workflows/build.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 825a6a1da..ff06462ea 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -18,6 +18,10 @@ on: env: PKG_NAME: "terraform" +permissions: + contents: read + statuses: write + jobs: get-product-version: name: "Determine intended Terraform version"