<pre style='margin:0'>
Christopher Nielsen (mascguy) pushed a commit to branch master
in repository macports-ports.

</pre>
<p><a href="https://github.com/macports/macports-ports/commit/035aa79c6ac1a93e94d5e1cfde5480043a5ae7b0">https://github.com/macports/macports-ports/commit/035aa79c6ac1a93e94d5e1cfde5480043a5ae7b0</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'>     new 035aa79c6ac chore: Set permissions for GitHub actions
</span>035aa79c6ac is described below

<span style='display:block; white-space:pre;color:#808000;'>commit 035aa79c6ac1a93e94d5e1cfde5480043a5ae7b0
</span>Author: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
AuthorDate: Fri Jun 17 01:00:02 2022 +0000

<span style='display:block; white-space:pre;color:#404040;'>    chore: Set permissions for GitHub actions
</span><span style='display:block; white-space:pre;color:#404040;'>    
</span><span style='display:block; white-space:pre;color:#404040;'>    Restrict the GitHub token permissions only to the required ones; this way, even if the attackers succeed in compromising your workflow, they won’t be able to do much.
</span><span style='display:block; white-space:pre;color:#404040;'>    
</span><span style='display:block; white-space:pre;color:#404040;'>    - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
</span><span style='display:block; white-space:pre;color:#404040;'>    
</span><span style='display:block; white-space:pre;color:#404040;'>    https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
</span><span style='display:block; white-space:pre;color:#404040;'>    
</span><span style='display:block; white-space:pre;color:#404040;'>    https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
</span><span style='display:block; white-space:pre;color:#404040;'>    
</span><span style='display:block; white-space:pre;color:#404040;'>    [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
</span><span style='display:block; white-space:pre;color:#404040;'>    
</span><span style='display:block; white-space:pre;color:#404040;'>    Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
</span>---
 .github/workflows/main.yml | 3 +++
 1 file changed, 3 insertions(+)

<span style='display:block; white-space:pre;color:#808080;'>diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
</span><span style='display:block; white-space:pre;color:#808080;'>index 511daa78f23..cb3d38615d6 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/.github/workflows/main.yml
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/.github/workflows/main.yml
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -10,6 +10,9 @@ on:
</span>     branches-ignore:
       - master
 
<span style='display:block; white-space:pre;background:#e0ffe0;'>+permissions:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+  contents: read
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> jobs:
   build:
     name: ${{ matrix.os }}
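
Review bot: the workflow-level `permissions:` block added above `jobs:` applies
to every job in main.yml and leaves every GITHUB_TOKEN scope other than
`contents` at none. Only the first lines of the `build` job are visible in this
hunk, so please confirm that no later step needs another scope (for example
posting a comment or a status through the API). If one does, grant that scope on
the job itself with a `permissions:` key under `build:` instead of widening the
workflow-level block. A short comment above `permissions:` saying the token is
read-only by design would also help later editors keep it that way.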
</pre><pre style='margin:0'>

</pre>