diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml
index b43242d9a0..8544abef39 100644
--- a/.github/workflows/benchmark.yml
+++ b/.github/workflows/benchmark.yml
@@ -13,7 +13,8 @@ on:
 branches:
 - main
 name: benchmark pull requests
-permissions: read-all
+permissions:
+ contents: read
 jobs:
 runBenchmark:
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8f9ad59ce9..8140b85806 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,7 +1,8 @@
 name: CI
 env:
 CI: true
-permissions: read-all
+permissions:
+ contents: read
 on:
 pull_request:
 push:
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 94a0e456b4..3403879ab1 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -3,14 +3,13 @@ name: "CodeQL Analysis"
 env:
 CODEQL_ENABLE_EXPERIMENTAL_FEATURES : true # CodeQL support for Rust is experimental
-permissions: read-all
+permissions:
+ contents: read
 on:
 pull_request:
 push:
 branches: [main]
- schedule:
- - cron: '0 0 * * *' # once in a day at 00:00
 workflow_dispatch:
 jobs:
diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
index c4b8f95bb1..d0c6296962 100644
--- a/.github/workflows/fossa.yml
+++ b/.github/workflows/fossa.yml
@@ -5,7 +5,8 @@ on:
 branches:
 - main
-permissions: read-all
+permissions:
+ contents: read
 jobs:
 fossa:
diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml
index abac6dde9c..9dc0e463af 100644
--- a/.github/workflows/integration_tests.yml
+++ b/.github/workflows/integration_tests.yml
@@ -5,7 +5,8 @@ on:
 pull_request:
 types: [ labeled, synchronize, opened, reopened ]
-permissions: read-all
+permissions:
+ contents: read
 jobs:
 integration_tests:
diff --git a/.github/workflows/markdown-link-check.yml b/.github/workflows/markdown-link-check.yml
index 9986893c55..bcf83660af 100644
--- a/.github/workflows/markdown-link-check.yml
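Review bot: Dropping the `schedule` trigger in codeql-analysis.yml leaves CodeQL running only on pull requests, pushes to main and manual dispatch, so an unchanged main branch is not re-analysed when the query packs are updated. If the daily run was too costly, a weekly entry keeps that coverage: `schedule:` followed by `- cron: '0 0 * * 0'`. Separately, the workflow-level block now grants only `contents: read`. The jobs are outside the hunk, so confirm the analysis job declares `security-events: write` itself, since uploading results needs it and neither the old nor the new top-level value provides it.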
+++ b/.github/workflows/markdown-link-check.yml
@@ -8,7 +8,8 @@ on:
 paths:
 - '**/*.md'
-permissions: read-all
+permissions:
+ contents: read
 jobs:
 markdown-link-check:
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
index f2e9753cb9..df4f269694 100644
--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -8,7 +8,8 @@ on:
 - cron: "50 3 * * 0" # once a week
 workflow_dispatch:
-permissions: read-all
+permissions:
+ contents: read
 jobs:
 analysis:
diff --git a/.github/workflows/pr_naming.yml b/.github/workflows/pr_naming.yml
index c7769d012d..51b67aab50 100644
--- a/.github/workflows/pr_naming.yml
+++ b/.github/workflows/pr_naming.yml
@@ -4,7 +4,8 @@ on:
 pull_request:
 types: [opened, synchronize, reopened, edited]
-permissions: read-all
+permissions:
+ contents: read
 jobs:
 validate-pr-title:
diff --git a/.github/workflows/semver.yml b/.github/workflows/semver.yml
index a5b4d4be4b..2ac285a875 100644
--- a/.github/workflows/semver.yml
+++ b/.github/workflows/semver.yml
@@ -1,7 +1,8 @@
 name: Semver compliance
 env:
 CI: true
-permissions: read-all
+permissions:
+ contents: read
 on:
 pull_request:
 types: [ labeled, synchronize, opened, reopened ]
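Review bot: In pr_naming.yml the new block grants only `contents: read`, and every scope not listed under `permissions:` is set to `none`, so the `validate-pr-title` job loses the `pull-requests: read` access that `read-all` gave it. The job body is outside the hunk; if its step reads the pull request through the API with `GITHUB_TOKEN`, add `pull-requests: read` at job level rather than widening the workflow default. The same check applies to the other workflows changed here (benchmark, ci, integration_tests, semver, ossf-scorecard): a job that relied on a read scope other than `contents` needs its own job-level `permissions:` entry, and a job-level block replaces the workflow-level one instead of adding to it. A short comment above the block, such as `# least privilege: jobs request any extra scopes themselves`, would record the intent.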