From 7b2f3d1518d3cb39b2e7e33e22eed8fa0bd9c96a Mon Sep 17 00:00:00 2001 From: Adnan Khan Date: Mon, 20 Oct 2025 21:36:15 -0400 Subject: [PATCH 1/3] Scope down GitHub token permissions for beta.yml --- .github/workflows/beta.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/beta.yml b/.github/workflows/beta.yml index 5c5fa864..010cdaa9 100644 --- a/.github/workflows/beta.yml +++ b/.github/workflows/beta.yml @@ -3,6 +3,11 @@ on: workflow_dispatch: push: tags: ['beta*.*'] + +permissions: + contents: read + packages: write + jobs: build: runs-on: macos-latest From 6214b308702d7bb479e722d4b2eac84b8949d390 Mon Sep 17 00:00:00 2001 From: Adnan Khan Date: Mon, 20 Oct 2025 21:36:27 -0400 Subject: [PATCH 2/3] Scope down GitHub token permissions for lint.yml --- .github/workflows/lint.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index d840fc39..edf7826a 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,6 +1,10 @@ name: Run linter on: workflow_call + +permissions: + contents: read + jobs: lint: runs-on: ubuntu-latest From 245ced153c9a38ff47ea2257c1b2dac72068f557 Mon Sep 17 00:00:00 2001 From: Adnan Khan Date: Mon, 20 Oct 2025 21:36:32 -0400 Subject: [PATCH 3/3] Scope down GitHub token permissions for unit-tests.yml --- .github/workflows/unit-tests.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml index 6819f8cc..96fe5c14 100644 --- a/.github/workflows/unit-tests.yml +++ b/.github/workflows/unit-tests.yml @@ -1,5 +1,10 @@ name: Run Unit tests on: workflow_call + +permissions: + contents: read + actions: read + jobs: unit-tests: runs-on: ubuntu-latest
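Review bot: In .github/workflows/beta.yml, `packages: write` sits in the workflow-level `permissions:` block, so every job in the file gets a token that can publish packages, not only the job that needs it. The `build` job continues outside the hunk, so the publishing step is not visible here. If only one job publishes, keep `contents: read` at the top and give that job its own `permissions:` with `contents: read` and `packages: write`, since a job-level block replaces the workflow-level one rather than adding to it. A one-line comment such as `# packages: write: required by the publish step` would record why the write scope exists. Because the workflow runs on any pushed tag matching `beta*.*`, also confirm that creating such tags is restricted to maintainers.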
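Review bot: In .github/workflows/unit-tests.yml, the added `actions: read` is declared in a workflow that runs only through `workflow_call`, where the token can be narrowed by the called workflow but never widened beyond what the caller grants. A caller with its own `permissions:` block that omits `actions` leaves that scope at none, and calling this workflow is then expected to fail validation for requesting more than it is allowed. beta.yml in patch 1/3 declares only `contents: read` and `packages: write`, but whether it calls this workflow is not visible in the series. Check every caller and either add `actions: read` there or drop it here if no step needs it. lint.yml in patch 2/3 is under the same cap but asks only for `contents: read`; a comment such as `# actions: read: needed by <step>` would document the requirement here.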