security: add explicit permissions to integration test workflows

vaind · claude · vaind · commit beedeaeae426 · 2025-09-22T12:38:24.000+02:00
Add minimal required permissions to address security alerts: .github/workflows/workflow-tests.yml: - contents: read (to read repository content) - pull-requests: write (updater creates/updates PRs) - issues: write (PRs are issues under the hood) .github/workflows/danger-workflow-tests.yml: - contents: read (to read repository content) - pull-requests: read (danger reads PR details) - issues: write (danger posts comments on PRs) This follows the principle of least privilege by explicitly limiting GITHUB_TOKEN permissions instead of using the broad default permissions. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/.github/workflows/danger-workflow-tests.yml b/.github/workflows/danger-workflow-tests.yml
@@ -5,6 +5,11 @@ on:
   pull_request:
     types: [opened, synchronize, reopened, edited, ready_for_review]
 
+permissions:
+  contents: read
+  pull-requests: read
+  issues: write
+
 jobs:
   danger:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/workflow-tests.yml b/.github/workflows/workflow-tests.yml
@@ -4,6 +4,11 @@ name: Workflow Tests
 on:
   push:
 
+permissions:
+  contents: read
+  pull-requests: write
+  issues: write
+
 jobs:
   updater-create-pr:
     runs-on: ubuntu-latest
