GitHub Workflows security hardening (#8267)

Signed-off-by: Alex <aleksandrosansan@gmail.com>
2022-09-26 18:54:27 +02:00
parent 8f77677193
commit 1082ccd3cc
6 changed files with 18 additions and 0 deletions
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -6,6 +6,9 @@ name: XGBoost-CI
 # events but only for the master branch
 on: [push, pull_request]

+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
  gtest-cpu: