diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 0a350bc10..2bb331343 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -5,6 +5,8 @@ on: [pull_request] jobs: build-and-test: runs-on: ${{ matrix.os }} + permissions: + contents: read strategy: matrix: @@ -13,13 +15,14 @@ jobs: steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - name: use node.js ${{ matrix.node-version }} uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} cache: npm - cache-dependency-path: package-lock.json - name: install run: | diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index ff15cc052..bb51dd12f 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -9,14 +9,18 @@ on: jobs: getCoverage: runs-on: ubuntu-latest - + permissions: + contents: read + steps: - uses: actions/checkout@v4 + with: + persist-credentials: false + - uses: actions/setup-node@v4 with: node-version: '16' cache: npm - cache-dependency-path: package-lock.json - run: npm ci - run: npm i -g c8 codecov