Restrict permissions for GitHub actions (#2334)

naveensrinivasan · web-flow · commit 00e42332e405 · 2022-04-14T11:53:04.000-04:00
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
@@ -1,8 +1,14 @@
 on: [push, pull_request]
 name: linter
 
+permissions:
+  contents: read
+
 jobs:
   lint:
+    permissions:
+      contents: read  # for actions/checkout to fetch code
+      pull-requests: read  # for golangci/golangci-lint-action to fetch pull requests
     strategy:
       matrix:
         go-version: [1.x]
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -10,8 +10,14 @@ name: tests
 env:
   GO111MODULE: on
 
+permissions:
+  contents: read
+
 jobs:
   test:
+    permissions:
+      actions: write  # for styfle/cancel-workflow-action to cancel/stop running workflows
+      contents: read  # for actions/checkout to fetch code
     strategy:
       matrix:
         go-version: [1.x, 1.17.x]
