diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml index ebd6140b..e7cd68c8 100644 --- a/.github/workflows/gradle-wrapper-validation.yml +++ b/.github/workflows/gradle-wrapper-validation.yml @@ -7,6 +7,9 @@ on: paths: - '**/gradle/wrapper/**' +permissions: + contents: read + jobs: validation: runs-on: ubuntu-latest diff --git a/.github/workflows/prepare-release-branch.yml b/.github/workflows/prepare-release-branch.yml index f5707348..379cc4a3 100644 --- a/.github/workflows/prepare-release-branch.yml +++ b/.github/workflows/prepare-release-branch.yml @@ -2,6 +2,9 @@ name: Prepare release branch on: workflow_dispatch: +permissions: + contents: read + jobs: prereqs: runs-on: ubuntu-latest @@ -21,6 +24,8 @@ jobs: fi create-pull-request-against-release-branch: + permissions: + contents: write # for Git to git push runs-on: ubuntu-latest needs: - prereqs @@ -74,6 +79,8 @@ jobs: --base $RELEASE_BRANCH_NAME create-pull-request-against-main: + permissions: + contents: write # for Git to git push runs-on: ubuntu-latest needs: - prereqs diff --git a/.github/workflows/reusable-markdown-link-check.yml b/.github/workflows/reusable-markdown-link-check.yml index 4e7ad15c..78b3f960 100644 --- a/.github/workflows/reusable-markdown-link-check.yml +++ b/.github/workflows/reusable-markdown-link-check.yml @@ -3,6 +3,9 @@ name: Reusable - Markdown link check on: workflow_call: +permissions: + contents: read + jobs: markdown-link-check: runs-on: ubuntu-latest diff --git a/.github/workflows/reusable-misspell-check.yml b/.github/workflows/reusable-misspell-check.yml index 7876c441..28eb76c5 100644 --- a/.github/workflows/reusable-misspell-check.yml +++ b/.github/workflows/reusable-misspell-check.yml @@ -3,6 +3,9 @@ name: Reusable - Misspell check on: workflow_call: +permissions: + contents: read + jobs: misspell-check: runs-on: ubuntu-latest