patch 9.0.0593: CI actions have too many permissions

author Alex <aleksandrosansan@gmail.com>

Mon, 26 Sep 2022 14:52:46 +0000 (15:52 +0100)

committer Bram Moolenaar <Bram@vim.org>

Mon, 26 Sep 2022 14:52:46 +0000 (15:52 +0100)
author Alex <aleksandrosansan@gmail.com>
Mon, 26 Sep 2022 14:52:46 +0000 (15:52 +0100)
committer Bram Moolenaar <Bram@vim.org>
Mon, 26 Sep 2022 14:52:46 +0000 (15:52 +0100)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml

index 6c1b35953ba6379a83a8716cc8e19da300d991e4..c9889498e18cc62e6e7c9fa106bbe3e7f3ad6360 100644 (file)
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -12,6 +12,9 @@ concurrency:
    group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }}
    cancel-in-progress: true
  
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
  jobs:
    linux:
      runs-on: ubuntu-20.04
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml

index efb9e66995960255706b0c152e88922991c61271..efd91a4de8b7c2b5c12830c5fd43cf4a9f2044d8 100644 (file)
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -21,8 +21,15 @@ concurrency:
    group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }}
    cancel-in-progress: true
  
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
  jobs:
    analyze:
+    permissions:
+      contents: read # to fetch code (actions/checkout)
+      security-events: write #  (github/codeql-action/autobuild)
+
      name: Analyze
      runs-on: ubuntu-latest
  
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml

index ce21ab26266b7932b70697a9dd192f6c2e293630..9cbd34b40d015b673b21fab8bb10a82a7c433d1b 100644 (file)
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -4,6 +4,9 @@ on:
      - cron: '42 0 * * *'  # Run once per day, to avoid Coverity's submission limits
    workflow_dispatch:
  
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
  jobs:
    scan:
      runs-on: ubuntu-20.04
diff --git a/src/version.c b/src/version.c

index ab4cea34f705a9842a50267c4ad6fae93f15fb33..8f503f26e71a348f54ac7028c0e5c173395a661b 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -699,6 +699,8 @@ static char *(features[]) =
  
  static int included_patches[] =
  {   /* Add new patch number below this line */
+/**/
+    593,
  /**/
      592,
  /**/
author	Alex <aleksandrosansan@gmail.com>
	Mon, 26 Sep 2022 14:52:46 +0000 (15:52 +0100)
committer	Bram Moolenaar <Bram@vim.org>
	Mon, 26 Sep 2022 14:52:46 +0000 (15:52 +0100)
.github/workflows/ci.yml		patch \| blob \| history
.github/workflows/codeql-analysis.yml		patch \| blob \| history
.github/workflows/coverity.yml		patch \| blob \| history
src/version.c		patch \| blob \| history