From 4cc1bf14af682797879f85e65479bd8b469671c1 Mon Sep 17 00:00:00 2001 From: Adnan Khan Date: Tue, 21 Oct 2025 17:54:02 -0400 Subject: [PATCH 1/3] ci: scope down permissions for release.yml --- .github/workflows/release.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 03c0e20b1..8b4688f27 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,6 +5,9 @@ on: name: Create release from tag +permissions: + contents: write + jobs: build: name: Build From e3afb4869e21b6e36e3154b8b2f273ebbdbde7dd Mon Sep 17 00:00:00 2001 From: Adnan Khan Date: Tue, 21 Oct 2025 17:54:04 -0400 Subject: [PATCH 2/3] ci: scope down permissions for test.yml --- .github/workflows/test.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 559676020..0cbaefa7c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -11,6 +11,9 @@ name: Unit tests env: GOFLAGS: "-buildvcs=false" +permissions: + contents: read + jobs: test: name: Test From 96e5b2e439d98d8ae232ad479480854028380d86 Mon Sep 17 00:00:00 2001 From: Adnan Khan Date: Tue, 21 Oct 2025 17:54:06 -0400 Subject: [PATCH 3/3] ci: scope down permissions for modules.yml --- .github/workflows/modules.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/modules.yml b/.github/workflows/modules.yml index 3d9db5aa3..290897b32 100644 --- a/.github/workflows/modules.yml +++ b/.github/workflows/modules.yml @@ -5,6 +5,9 @@ on: name: Create a module release from tag +permissions: + contents: write + jobs: build: name: Build