Skip to content

Commit 5cc33f5

Browse files
komishkomish
authored
Add explicit token permissions (#547)
Signed-off-by: Jose R. Gonzalez <[email protected]>
1 parent d5ae17d commit 5cc33f5

File tree

7 files changed

+14
-0
lines changed

7 files changed

+14
-0
lines changed

.github/workflows/build.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,8 @@ jobs:
88
unit-tests:
99
name: Unit Tests
1010
runs-on: ubuntu-latest
11+
permissions:
12+
contents: read
1113

1214
steps:
1315
- name: Checkout changes

.github/workflows/functional-tests.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -49,6 +49,8 @@ on:
4949
jobs:
5050
run-functional-tests:
5151
runs-on: ubuntu-latest
52+
permissions:
53+
contents: read
5254
steps:
5355
- name: Checkout PR branch
5456
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

.github/workflows/golang-style.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,8 @@ on:
88
jobs:
99
enforce:
1010
runs-on: ubuntu-latest
11+
permissions:
12+
contents: read
1113
steps:
1214
- name: Checkout code
1315
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

.github/workflows/main.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,8 @@ jobs:
1515
image:
1616
name: Build and push container images
1717
runs-on: ubuntu-latest
18+
permissions:
19+
contents: read
1820
steps:
1921
- name: Checkout code
2022
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

.github/workflows/pr-functional-tests.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,8 @@ jobs:
5353
target-sha: ${{ steps.emit-commit-ref.outputs.test-sha }}
5454
target-repo: ${{ steps.emit-commit-ref.outputs.test-repo }}
5555
runs-on: ubuntu-latest
56+
permissions:
57+
contents: read
5658
steps:
5759
- name: Parse Labeling Event
5860
id: parse-label-event

.github/workflows/python-style.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,8 @@ on:
1414
jobs:
1515
enforce:
1616
runs-on: ubuntu-latest
17+
permissions:
18+
contents: read
1719
steps:
1820
- name: Checkout code
1921
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

.github/workflows/scan-branch-sbom.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,8 @@ on:
1515
jobs:
1616
grype:
1717
runs-on: ubuntu-latest
18+
permissions:
19+
contents: read
1820
steps:
1921
- name: Checkout repo
2022
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

0 commit comments

Comments
 (0)