[StepSecurity] ci: Harden GitHub Actions (iterative#8496)

step-security-bot · web-flow · commit c8e39523c378 · 2022-10-31T23:27:18.000+05:45
Signed-off-by: StepSecurity Bot &lt;bot@stepsecurity.io&gt;
diff --git a/.github/workflows/packages.yaml b/.github/workflows/packages.yaml
@@ -7,8 +7,13 @@ on:
     types: [released, prereleased]
   workflow_dispatch:
 
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+
 jobs:
   binary:
+    permissions:
+      contents: write  # for actions/upload-release-asset to upload release asset
     strategy:
       matrix:
         include:
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -17,6 +17,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+
 jobs:
   lint:
     timeout-minutes: 10
