dtc/.github/workflows
Yedaya Katsman 4ad496846a Set default permissions for workflows
Old github repositories created before 2023 run jobs with a GITHUB_TOKEN
that has write permissions by default for PRs from inside the repo (not
a fork), unless set otherwise in the repository.[0][1]

[0] https://github.blog/changelog/2023-02-02-github-actions-updating-the-default-github_token-permissions-to-read-only/
[1] https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/

Set it explicitly so there won't be a chance that a compromise of an action
will be able to modify anything in the repository.

Pointed out by zizmor[2]
[2] https://github.com/zizmorcore/zizmor

Signed-off-by: Yedaya Katsman <yedaya.ka@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2026-06-13 14:29:32 +10:00
..
build.yml Set default permissions for workflows 2026-06-13 14:29:32 +10:00