Add permissions for read and write in build.yaml

Azure · Feb 2, 2024 · c75afa3 · c75afa3
1 parent cd43623
commit c75afa3
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -23,6 +23,9 @@ jobs:
   build:
     name: Build ${{ matrix.target_os }}_${{ matrix.target_arch }} binaries
     runs-on: ${{ matrix.os }}
+    permissions:
+      contents: read
+      packages: write
     env:
       GOVER: '1.21'
       GOLANGCILINT_VER: v1.54
@@ -150,7 +153,8 @@ jobs:
     needs: build
     if: github.event_name != 'pull_request' && startswith(github.ref, 'refs/tags/v')
     runs-on: ubuntu-latest
-    permissions: write-all
+    permissions:
+      contents: write
     outputs:
       upload_url: ${{ steps.create_release.outputs.upload_url }}
     steps:
@@ -178,7 +182,8 @@ jobs:
   publish:
     name: Publish binaries
     needs: release
-    permissions: write-all
+    permissions:
+      contents: write
     strategy:
       matrix:
         os: [ubuntu-latest, macos-latest, windows-latest]
@@ -272,7 +277,6 @@ jobs:
   bump-winget:
     name: bump-winget
     needs: publish
-    permissions: write-all
     if: github.event_name != 'pull_request' && startswith(github.ref, 'refs/tags/v')
     runs-on: ubuntu-latest
     steps: