Use more restrictive permissions on the GitHub token. Signed-off-by: Tim 'mithro' Ansell <tansell@google.com>
diff --git a/.github/workflows/build-docker-image-run-drc-for-cell-gds-using-magic.yml b/.github/workflows/build-docker-image-run-drc-for-cell-gds-using-magic.yml
index 62a48b5..119c69b 100644
--- a/.github/workflows/build-docker-image-run-drc-for-cell-gds-using-magic.yml
+++ b/.github/workflows/build-docker-image-run-drc-for-cell-gds-using-magic.yml
@@ -21,7 +21,13 @@ push: pull_request_target: + +permissions: + contents: read + + jobs: + # FIXME: Remove once GitHub Container Registry is working. # docker.pkg.github.com doesn't support buildx built packages, use # docker/build-push-action instead.
@@ -30,6 +36,9 @@ runs-on: ubuntu-latest + permissions: + packages: write # ${{ github.event_name == "push" || github.event_name == "workflow_dispatch" }} + steps: - name: Checkout code uses: actions/checkout@v2
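Review bot: The job-level `permissions:` block added in the second hunk replaces the workflow-level block from the first hunk rather than extending it, so this job ends up with `packages: write` and every other scope (including `contents`) set to none, and the `actions/checkout@v2` step right below it then runs without `contents: read`, which at least on a private repository will fail the clone; write the job block as `permissions:` / `  contents: read` / `  packages: write`. The trailing `# ${{ github.event_name == "push" || github.event_name == "workflow_dispatch" }}` is a YAML comment and `permissions:` values do not accept expressions anyway, so `packages: write` is granted on every trigger listed in the first hunk, including `pull_request_target`, whose token carries base-repository privileges even for pull requests from forks. The build and push steps are outside the hunk, but if they build pull-request head code and push it with this token, a fork's change can publish to the package registry; the safer shape is a separate publish job holding `packages: write` guarded by `if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'`, with the job that runs on pull requests keeping `packages: read`. The job containing `runs-on: ubuntu-latest` starts before the second hunk and its steps continue past it.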