From d73039a5d8a43e174139fa5e88ec71374974602f Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 14:14:04 -0400
Subject: [PATCH 1/3] ci: scope down permissions for gh-page.yml
---
 .github/workflows/gh-page.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/gh-page.yml b/.github/workflows/gh-page.yml
index 058c3b7b..10064439 100644
--- a/.github/workflows/gh-page.yml
+++ b/.github/workflows/gh-page.yml
@@ -6,6 +6,10 @@ on:
 - main # Set a branch name to trigger deployment
 pull_request:
 
+permissions:
+ contents: write
+ pages: write
+
 jobs:
 deploy:
 runs-on: ubuntu-20.04
From 5a5c635df926381c6b310874851db69d30a1b31e Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 14:14:06 -0400
Subject: [PATCH 2/3] ci: scope down permissions for gh-discussion-open.yml
---
 .github/workflows/gh-discussion-open.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/gh-discussion-open.yml b/.github/workflows/gh-discussion-open.yml
index a3112858..2239b29c 100644
--- a/.github/workflows/gh-discussion-open.yml
+++ b/.github/workflows/gh-discussion-open.yml
@@ -4,6 +4,9 @@ on:
 discussion:
 types: [created]
 
+permissions:
+ contents: read
+
 jobs:
 discussion-created:
 runs-on: ubuntu-latest
From 89ca22cdfb846ce251ec0585dbe6a70f5690a4b8 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 14:14:08 -0400
Subject: [PATCH 3/3] ci: scope down permissions for gh-issue-open.yml
---
 .github/workflows/gh-issue-open.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/gh-issue-open.yml b/.github/workflows/gh-issue-open.yml
index b6c8bac0..523746af 100644
--- a/.github/workflows/gh-issue-open.yml
+++ b/.github/workflows/gh-issue-open.yml
@@ -4,6 +4,9 @@ on:
 issues:
 types: [opened]
 
+permissions:
+ contents: read
+
 jobs:
 issue-opened:
 runs-on: ubuntu-latest
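Review bot: The `contents: write` / `pages: write` grant in gh-page.yml is placed at workflow level, so it covers every job and also the runs started by the `pull_request` trigger visible in the context lines. For pull requests opened from branches in the same repository, the token would carry those write scopes. Moving the grant onto the `deploy` job and leaving the workflow default at `contents: read` keeps any other job read-only; it is also worth confirming that the publish step runs only on pushes to main. Whether both scopes are needed depends on the deploy steps, which are outside the hunk: pushing to a publishing branch usually needs only `contents: write`, while a Pages-API deployment needs `pages: write`.

```yaml
permissions:
  contents: read   # workflow default; pull_request builds need no write scope

jobs:
  deploy:
    permissions:
      contents: write
      pages: write
    # … unchanged: runs-on and the deploy steps (outside the hunk) …
```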
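Review bot: In gh-discussion-open.yml, and in the identical hunk for gh-issue-open.yml, declaring only `contents: read` sets every unlisted scope to `none`, so any step that uses `GITHUB_TOKEN` to comment on or label the new discussion or issue would start failing with a permission error. The job steps are outside both hunks, so this needs checking against them: add `discussions: write` or `issues: write` if the token is used that way, or tighten to `permissions: {}` if the job never checks out the repository or calls the API. Both workflows are triggered by content that any user able to open a discussion or issue can submit, so a one-line comment above the block, for example `# GITHUB_TOKEN is read-only here; the job does not write back to the repo` (worded to match what the job actually does), would record why the scope was chosen.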