(tomcat) branch main updated: Add explicit read-only permissions to CI workflows

Wed, 13 May 2026 08:18:56 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt-asf pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 4dfceb0c0b Add explicit read-only permissions to CI workflows
4dfceb0c0b is described below

commit 4dfceb0c0b955f7cb07f596f61609b44075cfa29
Author: Arpit Jain <[email protected]>
AuthorDate: Tue May 12 21:57:14 2026 +0900

    Add explicit read-only permissions to CI workflows
---
 .github/workflows/ci-macos.yml | 3 +++
 .github/workflows/ci.yml       | 3 +++
 .github/workflows/coverity.yml | 5 ++++-
 .github/workflows/validate.yml | 4 +++-
 4 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci-macos.yml b/.github/workflows/ci-macos.yml
index 5191c6fdbb..35592bd87e 100644
--- a/.github/workflows/ci-macos.yml
+++ b/.github/workflows/ci-macos.yml
@@ -20,6 +20,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+
 env:
   LC_ALL: en_US.UTF-8
 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 666d1724d0..ad803e7529 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -23,6 +23,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+
 env:
   LC_ALL: en_US.UTF-8
 
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index c2bb150672..1d1740ad22 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -20,6 +20,9 @@ on:
   schedule:
     - cron: 53 5 * * 0
 
+permissions:
+  contents: read
+
 jobs:
   coverity:
     runs-on: ubuntu-latest
@@ -36,4 +39,4 @@ jobs:
         token: ${{ secrets.COVERITY_SCAN_TOKEN }}
         email: ${{ secrets.COVERITY_SCAN_EMAIL }}
         build_language: java
-        command: ant
\ No newline at end of file
+        command: ant
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index 48bebbc1bf..171d45ef0a 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -20,6 +20,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+
 env:
   LC_ALL: en_US.UTF-8
 
@@ -48,4 +51,3 @@ jobs:
 
       continue-on-error:
         false
-


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to