Michael Herzog пре 1 месец
родитељ
комит
c8fdf606f3

+ 4 - 0
.github/workflows/ci.yml

@@ -14,6 +14,8 @@ jobs:
   test:
     name: Lint, Unit, Unit addons, Circular dependencies & Examples testing
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
       - name: Git checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
@@ -41,6 +43,8 @@ jobs:
     name: E2E testing
     runs-on: ${{ matrix.os }}
     timeout-minutes: 30
+    permissions:
+      contents: read
     strategy:
       fail-fast: false
       matrix:
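Review bot: The job-level `contents: read` blocks harden only the two jobs shown; whether `ci.yml` also carries a workflow-level `permissions:` default is outside this hunk. If it does not, any other job in the file, and any job added later, still receives the repository's default GITHUB_TOKEN scope, so a top-level `permissions:` / `contents: read` (or `permissions: {}` with per-job grants) is worth adding as the fallback. Keep in mind that a job-level `permissions` block replaces rather than narrows the workflow-level set, so these two additions are complete only if neither job needs anything beyond reading the repository. The `test` job's remaining steps and the E2E job's matrix continue past the hunk.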

+ 3 - 0
.github/workflows/codeql-code-scanning.yml

@@ -10,6 +10,9 @@ on:
     - cron: '29 23 * * 0'
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
     name: Analyze
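Review bot: A workflow-level `permissions:` / `contents: read` strips `security-events: write` from the GITHUB_TOKEN, which the CodeQL upload needs to publish SARIF results, and the `analyze` job that starts on the last line of the hunk runs past it, so confirm that job declares its own `permissions:` block with `security-events: write` (plus `actions: read` if the repository is private). If it does not, `github/codeql-action/analyze` will be rejected on upload once this lands. Because a job-level block replaces the workflow-level set, that job block must also repeat `contents: read` rather than relying on the new top-level value.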

+ 2 - 2
.github/workflows/protected-folders.yml

@@ -6,12 +6,12 @@ on:
       - 'build/**'
       - 'docs/**'
 
-permissions:
-  contents: read
+permissions: {}
 
 jobs:
   check:
     runs-on: ubuntu-latest
+    permissions: {}
     steps:
       - name: Check for protected folder changes
         if: ${{ github.event.pull_request.author_association != 'OWNER' && github.event.pull_request.author_association != 'COLLABORATOR' }}
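Review bot: The job-level `permissions: {}` on the `check` job duplicates the workflow-level `permissions: {}` three lines above; a job-level block replaces the workflow-level set, and both are empty, so one of the two is dead weight. If the duplication is intentional as a guard against someone later widening the top-level block, a comment such as `# no token needed: this job only inspects the event payload and passes or fails` would stop the next editor from removing it. With no token the job can only pass or fail; any future step that wants to comment on the PR would need `pull-requests: write` at job level and a fresh trust review, since the `if:` shows this runs on pull-request events from authors who are not owners or collaborators (the trigger line is above the hunk). The step body after the `if:` is outside the hunk.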

+ 2 - 0
.github/workflows/read-size.yml

@@ -18,6 +18,8 @@ jobs:
   read-size:
     name: Tree-shaking
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
       - name: Git checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
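Review bot: The job-level `contents: read` is the right scope for a job that checks out and builds pull-request code, but the `on:` trigger and any workflow-level `permissions:` default sit above this hunk, so confirm that the trigger is `pull_request` rather than `pull_request_target` (which would run contributor-controlled code with a write-capable token and secrets) and that a top-level `permissions:` / `contents: read` exists as the default for jobs this file may gain later. The remaining steps of `read-size` continue past the hunk; if they upload an artifact that `report-size.yml` later reads, that artifact is untrusted input for the downstream job.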

+ 8 - 6
.github/workflows/report-size.yml

@@ -6,18 +6,20 @@ on:
     types:
       - completed
 
-# This workflow needs to be run with "pull-requests: write" permissions to
-# be able to comment on the pull request. We can't checkout the PR code
-# in this workflow.
-# Reference:
-# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
 permissions:
-  pull-requests: write
+  contents: read
 
 jobs:
   report-size:
     name: Comment on PR
     runs-on: ubuntu-latest
+    # This job needs "pull-requests: write" permissions to be able to comment
+    # on the pull request. We can't checkout the PR code in this workflow.
+    # Reference:
+    # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+    permissions:
+      contents: read
+      pull-requests: write
     if: github.event.workflow_run.event == 'pull_request' &&
       github.event.workflow_run.conclusion == 'success'
     steps:
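Review bot: Narrowing `pull-requests: write` to the `report-size` job is correct, but the hardening that matters most is below the hunk: this is a `workflow_run` job, so it runs with a write-capable token and repository secrets while consuming an artifact produced by the untrusted pull-request run. Every step that reads that artifact must treat its contents as attacker-controlled — parse it as data, never `source`/`eval` it or interpolate it unquoted into `run:` shell or into the comment body — and it should be fetched by `github.event.workflow_run.id` so a different run cannot be substituted. Because the job-level block replaces the workflow-level set, a download of that artifact through the REST API or `actions/download-artifact` with `run-id` also needs `actions: read`, which neither block grants. The existing `if:` guard on `workflow_run.event == 'pull_request'` and `conclusion == 'success'` is fine and should stay.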
