From e2bc3d17818e42f3f1d52fc4fb2b88197caa2da1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9my=20L=C3=A9one?=
Date: Tue, 22 Jul 2025 10:56:57 +0200
Subject: [PATCH] chore: add permission to the github actions
---
 .github/workflows/acceptance-tests.yaml | 3 +++
 .github/workflows/actionlint.yml | 3 +++
 .github/workflows/announce.yaml | 3 +++
 .github/workflows/codeql-analysis.yml | 3 +++
 .github/workflows/documentation.yml | 4 ++++
 .github/workflows/nightly.yml | 3 +++
 .github/workflows/purge.yml | 4 ++++
 .github/workflows/terrafmt.yml | 4 ++++
 .github/workflows/tfproviderlint.yml | 3 +++
 .github/workflows/unit-tests.yaml | 3 +++
 10 files changed, 33 insertions(+)
diff --git a/.github/workflows/acceptance-tests.yaml b/.github/workflows/acceptance-tests.yaml
index 4465ed93eb..9335776f02 100644
--- a/.github/workflows/acceptance-tests.yaml
+++ b/.github/workflows/acceptance-tests.yaml
@@ -1,5 +1,8 @@
 name: Acceptance Tests
+permissions:
+ contents: read
+
 on:
 pull_request:
 merge_group:
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
index 0c6bff2a23..ccd5393dbc 100644
--- a/.github/workflows/actionlint.yml
+++ b/.github/workflows/actionlint.yml
@@ -1,6 +1,9 @@
 name: Lint GitHub Actions workflows
 on: [push, pull_request]
+permissions:
+ contents: read
+
 jobs:
 actionlint:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/announce.yaml b/.github/workflows/announce.yaml
index 67ef201d88..3ff6b2de1e 100644
--- a/.github/workflows/announce.yaml
+++ b/.github/workflows/announce.yaml
@@ -1,5 +1,8 @@
 name: Slack Announcement
+permissions:
+ contents: read
+
 on:
 release:
 types:
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index f0bf67f1b0..21bbfcdbda 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -5,6 +5,9 @@
 # or to provide custom queries or build logic.
 name: "CodeQL"
+permissions:
+ contents: read
+
 on:
 push:
 branches: [master]
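Review bot: The workflow-level `permissions:` block added at the top of acceptance-tests.yaml has no comment saying that it leaves every unlisted GITHUB_TOKEN scope at none, and the same holds for the identical blocks in the other nine workflow files of this patch. A one-line comment above it, for example `# Least privilege: GITHUB_TOKEN is read-only here; grant extra scopes per job, not at workflow level`, would tell the next maintainer where to widen access when a job needs it. Placement is also inconsistent: actionlint.yml puts the block after `on:` while the other files put it before, and a single position would make these files easier to audit.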
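Review bot: In codeql-analysis.yml the token is now limited to `contents: read`, but uploading CodeQL results to code scanning needs `security-events: write`. The jobs section is outside this hunk, so this only applies if the analysis job has no `permissions:` block of its own; in that case the upload step is likely to fail with a permission error on pushes to master. Keeping the read-only default at workflow level and adding, on the analysis job, `permissions:` with `contents: read` and `security-events: write` (plus `actions: read` if the repository is private) preserves least privilege without breaking the scan.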
diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
index 81b85577e5..9153d6ce65 100644
--- a/.github/workflows/documentation.yml
+++ b/.github/workflows/documentation.yml
@@ -1,4 +1,8 @@
 name: Documentation Checks
+
+permissions:
+ contents: read
+
 on:
 push:
 branches:
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 24ba65f029..491659299f 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -1,5 +1,8 @@
 name: Nightly Acceptance Tests
+permissions:
+ contents: read
+
 on:
 schedule:
 # Will run at 00:00 every day
diff --git a/.github/workflows/purge.yml b/.github/workflows/purge.yml
index 035d0319a1..b73174596d 100644
--- a/.github/workflows/purge.yml
+++ b/.github/workflows/purge.yml
@@ -1,4 +1,8 @@
 name: Manual Purge
+
+permissions:
+ contents: read
+
 on:
 workflow_dispatch:
diff --git a/.github/workflows/terrafmt.yml b/.github/workflows/terrafmt.yml
index 64d72975b1..aae953f92e 100644
--- a/.github/workflows/terrafmt.yml
+++ b/.github/workflows/terrafmt.yml
@@ -1,4 +1,8 @@
 name: Run terrafmt
+
+permissions:
+ contents: read
+
 on:
 pull_request:
 push:
diff --git a/.github/workflows/tfproviderlint.yml b/.github/workflows/tfproviderlint.yml
index 1550fdc5d5..56329af59d 100644
--- a/.github/workflows/tfproviderlint.yml
+++ b/.github/workflows/tfproviderlint.yml
@@ -1,5 +1,8 @@
 name: Run tfproviderlint
+permissions:
+ contents: read
+
 on:
 pull_request:
 push:
diff --git a/.github/workflows/unit-tests.yaml b/.github/workflows/unit-tests.yaml
index fb9f53f729..4b898234b7 100644
--- a/.github/workflows/unit-tests.yaml
+++ b/.github/workflows/unit-tests.yaml
@@ -1,5 +1,8 @@
 name: Tests
+permissions:
+ contents: read
+
 on:
 pull_request:
 merge_group: