From f3f94468f3faf3732d7232dd40f041340b4027ae Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Mon, 15 Nov 2021 20:29:26 +0000 Subject: [PATCH] Restrict GITHUB_TOKEN in markdownlint action Currently, Actions in the dotnet/runtime repository have read/write access by default, unless their permissions have been explicitly declared. The markdownlint workflow can be restricted from all access except the repository contents. This limits what the 3rd party `markdownlint-cli` npm package can do which is installed as part of the workflow. --- .github/workflows/markdownlint.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/markdownlint.yml b/.github/workflows/markdownlint.yml index 202d6bbd2bf03..eeb9eb6fefe77 100644 --- a/.github/workflows/markdownlint.yml +++ b/.github/workflows/markdownlint.yml @@ -1,5 +1,8 @@ name: Markdownlint +permissions: + contents: read + on: pull_request: paths:
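Review bot: The new top-level `permissions:` block, added between `name: Markdownlint` and `on:`, carries no comment saying why the token is restricted. Declaring any scope sets every unlisted scope to `none`, so a step added to this workflow later that needs more than repository read access will fail in a way that is not obvious from the file. Suggest a one-line YAML comment above `permissions:` noting that the token is deliberately limited to `contents: read` because the job installs the third-party `markdownlint-cli` npm package. Because the block is at workflow level it applies to every job in the file, which is the intended effect here but is worth stating in that comment. The commit message could also say "read-only access to the repository contents" so that it matches `contents: read` exactly.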