ci: define minimal permissions to github workflows (#1295)

diogoteles08 · web-flow · commit 553eb4c7a8c5 · 2023-06-19T09:53:04.000+01:00
Signed-off-by: Diogo Teles Sant'Anna &lt;diogoteles@google.com&gt;
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -20,6 +20,10 @@ on:
   schedule:
     - cron: '31 21 * * 6'
 
+# Minimal permissions to be inherited by any job that don't declare it's own permissions
+permissions:
+  contents: read
+
 jobs:
   analyze:
     name: Analyze
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -7,6 +7,10 @@ on:
       - main
       - 'release-*'
 
+# Minimal permissions to be inherited by any job that don't declare it's own permissions
+permissions:
+  contents: read
+
 jobs:
   test:
     name: Tests
@@ -39,4 +43,4 @@ jobs:
 
       - name: Run style and unused
         if: ${{ matrix.go_version == '1.20' }}
-        run: make style unused
+        run: make style unused
