Locks down permissions to the job level with least privledge we can get away with

This commit is contained in:
Trenton H
2026-02-13 08:44:27 -08:00
parent 8db1c4e08b
commit 6b3e36eee6
13 changed files with 73 additions and 13 deletions

View File

@@ -9,10 +9,13 @@ on:
concurrency:
group: lint-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions: {}
jobs:
lint:
name: Linting via prek
runs-on: ubuntu-slim
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@v6.0.2