Merge pull request #1508 from mskanth972/AddPermissions

k8s-ci-robot · web-flow · commit c9632954dd59 · 2024-11-25T16:30:56.000Z
Add permissions to all GitHub actions
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -20,6 +20,9 @@ on:
   schedule:
     - cron: '33 20 * * 5'
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
     name: Analyze
diff --git a/.github/workflows/container-image.yaml b/.github/workflows/container-image.yaml
@@ -1,6 +1,11 @@
 name: Container Images
 
 on: push
+
+permissions:
+  contents: read
+  security-events: write
+
 jobs:
   build:
     # this is to prevent the job to run at forked projects
diff --git a/.github/workflows/helm-chart-release.yaml b/.github/workflows/helm-chart-release.yaml
@@ -7,6 +7,10 @@ on:
     paths:
       - "charts/**"
 
+permissions:
+  contents: write # Create new release to host chart artifacts
+  pages: write # Publish chart to pages
+
 jobs:
   release:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -4,6 +4,10 @@ on:
     # Sequence of patterns matched against refs/tags
     tags:
       - "v*" # Push events to matching v*, i.e. v1.0, v20.15.10
+
+permissions:
+  contents: write # Create releases
+
 jobs:
   build:
     name: Release
