Add permissions to workflows

nirinchev · nirinchev · commit 9a4c227a51b1 · 2025-01-27T14:24:48.000+01:00
diff --git a/.github/workflows/bump-packages.yaml b/.github/workflows/bump-packages.yaml
@@ -5,6 +5,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: none # we use the github app's token to checkout and push
+
 jobs:
   update_generated_files:
     name: Bump packages
diff --git a/.github/workflows/check-test.yaml b/.github/workflows/check-test.yaml
@@ -11,6 +11,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read # we just need to checkout the repo
+
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
   check-and-test:
diff --git a/.github/workflows/publish-packages.yaml b/.github/workflows/publish-packages.yaml
@@ -7,6 +7,9 @@ on:
     types:
       - completed
 
+permissions:
+  contents: none # we use the github app's token to checkout and push
+
 jobs:
   publish:
     if: |
diff --git a/.github/workflows/update-cidrs.yaml b/.github/workflows/update-cidrs.yaml
@@ -6,6 +6,9 @@ on:
   schedule:
     - cron: "0 0 * * *"
 
+permissions:
+  contents: none # we use the github app's token to checkout and push
+
 jobs:
   update_generated_files:
     name: Update automatically generated files
