about summary refs log tree commit diff
diff options
context:
space:
mode:
authorGraham Christensen <graham@grahamc.com>2021-04-24 13:05:17 -0400
committerGraham Christensen <graham@grahamc.com>2021-04-24 13:07:57 -0400
commit9d95ba3dd6aaf60082e040f7762a81fb9cc23c67 (patch)
tree381db087939a164e32f011f15d6789e43df2e795
parentb7e08de1e9e9a3e484fd8952151c59571e5c479c (diff)
actions: add some permission restrictions
-rw-r--r--.github/workflows/labels.yml4
-rw-r--r--.github/workflows/manual-nixos.yml2
-rw-r--r--.github/workflows/manual-nixpkgs.yml2
3 files changed, 8 insertions, 0 deletions
diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml
index 4232ceb623682..4d1e2a2a0f95c 100644
--- a/.github/workflows/labels.yml
+++ b/.github/workflows/labels.yml
@@ -4,6 +4,10 @@ on:
   pull_request_target:
     types: [edited, opened, synchronize, reopened]
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   labels:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/manual-nixos.yml b/.github/workflows/manual-nixos.yml
index fa1f8fc6911e9..c885f6f7665c0 100644
--- a/.github/workflows/manual-nixos.yml
+++ b/.github/workflows/manual-nixos.yml
@@ -1,5 +1,7 @@
 name: "Build NixOS manual"
 
+permissions: read-all
+
 on:
   pull_request_target:
     branches:
diff --git a/.github/workflows/manual-nixpkgs.yml b/.github/workflows/manual-nixpkgs.yml
index 192a4c6868a43..6f7ad10efd905 100644
--- a/.github/workflows/manual-nixpkgs.yml
+++ b/.github/workflows/manual-nixpkgs.yml
@@ -1,5 +1,7 @@
 name: "Build Nixpkgs manual"
 
+permissions: read-all
+
 on:
   pull_request_target:
     branches: