Improve workflow

skrysmanski · Dec 1, 2023 · f875ada · f875ada
1 parent d631939
commit f875ada
Showing 1 changed file with 2 additions and 6 deletions.
diff --git a/.github/workflows/build-and-deploy.yaml b/.github/workflows/build-and-deploy.yaml
@@ -25,12 +25,8 @@ on:
 
 # Permissions for GITHUB_TOKEN for this workflow.
 #   See: https://docs.github.com/en/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token
-# NOTE: Because of this, we don't use "@hash" but "@vX" for non-GitHub steps below. Usually you would use "@hash"
-#   as a security measure to pin a specific version. However, since we run with the minimal permissions
-#   here, malicious code couldn't do much harm (most likely).
-#   See: https://blog.gitguardian.com/github-actions-security-cheat-sheet/#use-specific-action-version-tags
-#permissions:
-#  contents: read
+permissions:
+  contents: read
 
 # Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
 # However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.