Fix top level permissions in workflows again

jt-nti · jt-nti · commit a44d82f00a5e · 2025-02-07T20:03:32.000Z
Another attempt to get the permissions right!

Signed-off-by: James Taylor &lt;jamest@uk.ibm.com&gt;
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
@@ -16,6 +16,11 @@ on:
         required: false
         type: string
 
+permissions:
+  contents: write
+  packages: write
+  id-token: write
+
 jobs:
   build:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/go-contract-image.yml b/.github/workflows/go-contract-image.yml
@@ -14,6 +14,8 @@ on:
     paths:
       - 'samples/go-contract/**'
 
+permissions: read-all
+
 jobs:
   docker_build:
     name: Docker build
diff --git a/.github/workflows/java-contract-image.yml b/.github/workflows/java-contract-image.yml
@@ -14,6 +14,8 @@ on:
     paths:
       - 'samples/java-contract/**'
 
+permissions: read-all
+
 jobs:
   docker_build:
     name: Docker build
diff --git a/.github/workflows/node-contract-image.yml b/.github/workflows/node-contract-image.yml
@@ -14,6 +14,8 @@ on:
     paths:
       - 'samples/node-contract/**'
 
+permissions: read-all
+
 jobs:
   docker_build:
     name: Docker build
diff --git a/.github/workflows/peer-image.yml b/.github/workflows/peer-image.yml
@@ -23,6 +23,10 @@ permissions: read-all
 jobs:
   docker_build:
     name: Docker build
+    permissions:
+      contents: write
+      packages: write
+      id-token: write
     uses: ./.github/workflows/docker-build.yml
     with:
       image-name: ghcr.io/hyperledger-labs/fabric-builder-k8s/k8s-fabric-peer
