Merge pull request #2400 from turrisxyz/setup-permissions

chore: Set permissions for GitHub actions

Author: bsipocz

.github/workflows/ci_crontests.yml

@@ -9,6 +9,9 @@ on:
     # run every Monday at 5am UTC
     - cron: '0 5 * * 1'
 
+permissions:
+  contents: read
+
 jobs:
   tests:
     name: ${{ matrix.name }}

.github/workflows/ci_devtests.yml

@@ -18,6 +18,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   tests:
     name: ${{ matrix.name }}

.github/workflows/ci_tests.yml

@@ -18,6 +18,8 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
 
 jobs:
   tests:

.github/workflows/codeql-analysis.yml

@@ -11,8 +11,15 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
+    permissions:
+      actions: read  # for github/codeql-action/init to get workflow details
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/autobuild to send a status report
     name: Analyze
     runs-on: ubuntu-latest