Skip to content

Commit 94aeadb

Browse files
JulusianJulusian
committed
chore: add missing permissions to github workflows
1 parent 4804da8 commit 94aeadb

File tree

6 files changed

+32
-0
lines changed

6 files changed

+32
-0
lines changed

.github/workflows/audit.yaml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,9 @@ on:
44
# Allows you to run this workflow manually from the Actions tab
55
workflow_dispatch:
66

7+
permissions:
8+
contents: read
9+
710
jobs:
811
validate-prod-core-dependencies:
912
name: Validate Core production dependencies

.github/workflows/node.yaml

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,9 @@ on:
99
pull_request:
1010
workflow_dispatch:
1111

12+
permissions:
13+
contents: read
14+
1215
jobs:
1316
lint-core:
1417
name: Typecheck and Lint Core
@@ -103,6 +106,11 @@ jobs:
103106
name: Build Core and publish docker image
104107
runs-on: ubuntu-latest
105108
timeout-minutes: 30
109+
110+
permissions:
111+
contents: read
112+
packages: write
113+
106114
steps:
107115
- uses: actions/checkout@v6
108116
with:
@@ -283,6 +291,10 @@ jobs:
283291
matrix:
284292
gateway-name: [playout-gateway, mos-gateway, "live-status-gateway"]
285293

294+
permissions:
295+
contents: read
296+
packages: write
297+
286298
steps:
287299
- uses: actions/checkout@v6
288300
with:
@@ -619,6 +631,9 @@ jobs:
619631
continue-on-error: true
620632
timeout-minutes: 15
621633

634+
permissions:
635+
contents: write
636+
622637
steps:
623638
- uses: actions/checkout@v6
624639
with:

.github/workflows/prune-container-images.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,10 @@ on:
55
schedule:
66
- cron: "12 14 * * *"
77

8+
permissions:
9+
contents: read
10+
packages: write
11+
812
jobs:
913
prune-container-images:
1014
if: ${{ github.repository_owner == 'Sofie-Automation' }}

.github/workflows/prune-tags.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,9 @@ on:
1414
schedule:
1515
- cron: "0 0 * * 0"
1616

17+
permissions:
18+
contents: write
19+
1720
jobs:
1821
prune-tags:
1922
if: ${{ github.repository_owner == 'Sofie-Automation' }}

.github/workflows/sonar.yaml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,9 @@ on:
99
types: [opened, synchronize, reopened]
1010
workflow_dispatch:
1111

12+
permissions:
13+
contents: read
14+
1215
name: SonarCloud analysis
1316
jobs:
1417
sonarqube:

.github/workflows/trivy.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,10 @@ on:
44
schedule:
55
- cron: "0 10 * * 1"
66

7+
permissions:
8+
contents: read
9+
packages: read
10+
711
jobs:
812
trivy:
913
if: ${{ github.repository_owner == 'Sofie-Automation' }}

0 commit comments

Comments
 (0)