diff --git a/.github/workflows/contrib.yml b/.github/workflows/contrib.yml index d723e6aa48..a4ec6d7d75 100644 --- a/.github/workflows/contrib.yml +++ b/.github/workflows/contrib.yml @@ -22,6 +22,9 @@ concurrency: group: contrib-${{ github.ref }} cancel-in-progress: true +permissions: + contents: read # to fetch code (actions/checkout) + jobs: stable: # Check each OS, all supported Python, minimum versions and latest releases diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 07bb90dc9e..76d4b43843 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -29,8 +29,12 @@ concurrency: group: tests-${{ github.ref }} cancel-in-progress: true +permissions: {} jobs: build: + permissions: + contents: read # to fetch code (actions/checkout) + runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 @@ -80,6 +84,9 @@ jobs: stable: # Check each OS, all supported Python, minimum versions and latest releases + permissions: + contents: read # to fetch code (actions/checkout) + runs-on: ${{ matrix.os }} strategy: matrix: diff --git a/.github/workflows/tutorials.yml b/.github/workflows/tutorials.yml index 4f80942d17..2e6093fde5 100644 --- a/.github/workflows/tutorials.yml +++ b/.github/workflows/tutorials.yml @@ -9,6 +9,7 @@ concurrency: group: tutorials-${{ github.ref }} cancel-in-progress: true +permissions: {} jobs: tutorial: runs-on: ubuntu-latest