mirror of
https://github.com/dgibson/dtc.git
synced 2026-07-10 13:29:48 -04:00
Old github repositories created before 2023 run jobs with a GITHUB_TOKEN that has write permissions by default for PRs from inside the repo (not a fork), unless set otherwise in the repository.[0][1] [0] https://github.blog/changelog/2023-02-02-github-actions-updating-the-default-github_token-permissions-to-read-only/ [1] https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ Set it explicitly so there won't be a chance that a compromise of an action will be able to modify anything in the repository. Pointed out by zizmor[2] [2] https://github.com/zizmorcore/zizmor Signed-off-by: Yedaya Katsman <yedaya.ka@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> |
||
|---|---|---|
| .. | ||
| build.yml | ||