GitHub Workflows security hardening (#5992)

* build: harden update-changelog.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> * build: harden tests.yml permissions Signed-off-by: Alex <aleksandrosansan@gmail.com> * Update update-changelog.yml * Update tests.yml Co-authored-by: Dries Vints <dries@vints.io>
2025-02-20 11:53:14 +08:00 · 2022-09-20 15:19:54 +02:00 · 2022-09-20 15:19:54 +02:00 · 9725129d74
commit 9725129d74
parent 4a73b5d57e
2 changed files with 13 additions and 1 deletions
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@ -1,6 +1,14 @@
 name: Tests

-on: [push, pull_request]
+on:
+  push:
+    branches:
+      - master
+      - '*.x'
+  pull_request:
+
+permissions:
+  contents: read

 jobs:
  tests:
--- a/.github/workflows/update-changelog.yml
+++ b/.github/workflows/update-changelog.yml
@ -4,6 +4,10 @@ on:
  release:
    types: [released]

+permissions: {}
+
 jobs:
  update:
+    permissions:
+      contents: write
    uses: laravel/.github/.github/workflows/update-changelog.yml@main