From b85d13fe0b81ec5c58df0a96d37de0fe8c4bb340 Mon Sep 17 00:00:00 2001
From: Owen Avery <powerboat9.gamer@gmail.com>
Date: Thu, 25 Apr 2024 13:08:14 -0400
Subject: [PATCH] Check for writes outside of the build directory

ChangeLog:

	* .github/workflows/ccpp.yml: Make files outside the build
	directory read-only.

Signed-off-by: Owen Avery <powerboat9.gamer@gmail.com>
---
 .github/workflows/ccpp.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/.github/workflows/ccpp.yml b/.github/workflows/ccpp.yml
index 1955a03ab094..3e6f4f22eb8f 100644
--- a/.github/workflows/ccpp.yml
+++ b/.github/workflows/ccpp.yml
@@ -41,6 +41,9 @@ jobs:
           # install Rust directly using rustup
           curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0;
 
+    - name: Make Source Read-Only
+      run: chmod -R a-w *
+
     - name: Configure
       run: |
            mkdir -p gccrs-build;
@@ -122,6 +125,9 @@ jobs:
           # install Rust directly using rustup
           curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0;
 
+    - name: Make Source Read-Only
+      run: chmod -R a-w *
+
     - name: Configure
       run: |
            mkdir -p gccrs-build;
@@ -205,6 +211,9 @@ jobs:
           # install Rust directly using rustup
           curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0;
 
+    - name: Make Source Read-Only
+      run: chmod -R a-w *
+
     - name: Configure
       run: |
            mkdir -p gccrs-build;
@@ -264,6 +273,9 @@ jobs:
           # install Rust directly using rustup
           curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0;
 
+    - name: Make Source Read-Only
+      run: chmod -R a-w *
+
     - name: Configure
       run: |
            mkdir -p gccrs-build;