Merge pull request #24 from nodenv/default-permissions

Default toplevel permissions to read-all
nodenv · May 29, 2024 · cf1d379 · cf1d379
2 parents 85ab3c3 + 496a52f
commit cf1d379
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 0 deletions.
diff --git a/workflow-templates/release.yml b/workflow-templates/release.yml
@@ -2,6 +2,8 @@ name: Release
 on:
   push: { tags: "v[0-9]+.[0-9]+.[0-9]+*" }
 
+permissions: read-all
+
 jobs:
   github:
     permissions: { contents: write }

diff --git a/workflow-templates/sync-default-branch.yml b/workflow-templates/sync-default-branch.yml
@@ -3,6 +3,8 @@ on:
   push: { branches: $default-branch }
   workflow_dispatch:
 
+permissions: read-all
+
 # One-time commands for users to switch-over:
 #
 # ```console

diff --git a/workflow-templates/test.yml b/workflow-templates/test.yml
@@ -1,6 +1,8 @@
 name: Test
 on: [push, pull_request, workflow_dispatch]
 
+permissions: read-all
+
 jobs:
   test:
     uses: nodenv/.github/.github/workflows/test.yml@v4