From: Charles Giessen <charles@lunarg.com>
Date: Thu, 9 Mar 2023 17:39:04 +0000 (-0700)
Subject: Set github actions to only have read only permissions
X-Git-Tag: upstream/1.3.268~214
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=dde24e4612875bce0f9445c49df1c81f6a1a54c3;p=platform%2Fupstream%2FVulkan-Loader.git

Set github actions to only have read only permissions

Because the loader only uses github actions to perform CI runs, it is good to set
the 'read-all' only, helping harden the github actions runners from potentially
compromised access.

For more context
https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions

Fixes #1148
---

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index e66f1338..3f96cea4 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -14,6 +14,7 @@
 # limitations under the License.
 #
 # Author: Lenny Komow <lenny@lunarg.com>
+# Author: Charles Giessen <charles@lunarg.com>
 
 name: CI Build
 
@@ -23,6 +24,8 @@ on:
         branches:
             - main
 
+permissions: read-all
+
 jobs:
     linux:
         runs-on: ${{matrix.os}}