Merge pull request #175 from mlcommons/alert-autofix-8

Potential fix for code scanning alert no. 8: Workflow does not contain permissions

Author: anandhu-eng

.github/workflows/cla.yml

@@ -5,7 +5,11 @@ on:
     types: [created]
   pull_request_target:
     types: [opened,closed,synchronize]
-
+permissions:
+  contents: read
+  pull-requests: write
+  actions: read
+  statuses: write
 jobs:
   cla-check:
     runs-on: ubuntu-latest

.github/workflows/mlperf-inference-bert.yml

@@ -7,7 +7,8 @@ on:
       - '.github/workflows/test-mlperf-inference-bert-deepsparse-tf-onnxruntime-pytorch.yml'
       - '**'
       - '!**.md'
-
+permissions:
+  contents: read
 jobs:
   build:
     runs-on: ${{ matrix.os }}

.github/workflows/mlperf-inference-resnet50.yml

@@ -7,7 +7,8 @@ on:
       - '.github/workflows/mlperf-inference-resnet50.yml'
       - '**'
       - '!**.md'
-
+permissions:
+  contents: read
 jobs:
   build:
 

.github/workflows/publish.yml

@@ -8,9 +8,9 @@ on:
     branches:
       - main
       - dev
-
+permissions:
+  contents: read
 jobs:
-
   publish:
     name: Publish the site
     runs-on: ubuntu-latest
@@ -28,4 +28,4 @@ jobs:
         run: pip install -r docs/requirements.txt
 
       - name: Run Mkdocs deploy
-        run: mkdocs gh-deploy --force
+        run: mkdocs gh-deploy --force

.github/workflows/test-mlc-docker-core.yml

@@ -7,7 +7,8 @@ on:
       - '.github/workflows/test-mlc-docker-core.yml'
       - '**'
       - '!**.md'
-
+permissions:
+  contents: read
 jobs:
   test_mlc_docker_core:
 

.github/workflows/test-mlc-podman.yml

@@ -8,6 +8,9 @@ on:
       - '**'
       - '!**.md'
 
+permissions:
+  contents: read
+
 jobs:
   test_mlc_docker_core: