From 0a4eeb1f71867f60f1a0785fa3b7a39c1549939a Mon Sep 17 00:00:00 2001
From: Stewart Blacklock
Date: Wed, 27 Nov 2024 10:03:21 -0800
Subject: [PATCH] OpenSSF Scorecard for Token Permissions
OpenSSF Scorecard for Token Permissions requires maximum top level permission to be read-all (it was write). Moved contents write into specific step that requires them.
---
 .github/workflows/documentation.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
index 6347f46..cbe260f 100644
--- a/.github/workflows/documentation.yml
+++ b/.github/workflows/documentation.yml
@@ -2,12 +2,13 @@ name: documentation
 on: [push, pull_request, workflow_dispatch]
-permissions:
- contents: write
+permissions: read-all
 jobs:
 docs:
 runs-on: ubuntu-latest
+ permissions:
+ contents: write
 steps:
 - uses: actions/checkout@v3
 - uses: actions/setup-python@v3
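Review bot: The `contents: write` grant added under `docs` is job-scoped, so every step of the job still runs with a write-capable token on all three triggers (`push`, `pull_request`, `workflow_dispatch`). Because a job-level `permissions` block replaces the workflow-level one, the effective token for this job is the same as before the change, and GitHub Actions has no per-step `permissions` despite the commit message's "specific step". If only a publishing step needs to push (the remaining steps are outside the hunk, so this is inferred), it could move to its own job that carries `contents: write` and is gated with `if: github.event_name == 'push'`, leaving the build job on a read-only token. At the top level, `contents: read` under `permissions:` would be tighter than `read-all`, since any job added later without its own block would otherwise inherit read access to every scope. A comment on the job-level block saying which step needs the write grant would help the next reviewer keep it minimal.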