From 15e84dfb2ef89f3130f1f36f144ca4bc42d2f577 Mon Sep 17 00:00:00 2001
From: Jussi Kukkonen <jkukkonen@vmware.com>
Date: Mon, 1 Nov 2021 09:47:50 +0200
Subject: [PATCH] GH actions: limit GitHub token visibility

Token should be visible to only the code that actually needs it.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
---
 .github/workflows/ci.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e4367a04..e5bcfc11 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -95,11 +95,12 @@ jobs:
     runs-on: ubuntu-latest
     container: python:3-slim
     steps:
+      - name: Install dependencies
+        run: |
+          python3 -m pip install --upgrade pip
+          python3 -m pip install --upgrade coveralls
       - name: Finalize publishing on coveralls.io
         continue-on-error: true
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          python3 -m pip install --upgrade pip
-          python3 -m pip install --upgrade coveralls
-          coveralls --finish
+        run: coveralls --finish