slackapi · zimeg · Apr 22, 2025 · Apr 21, 2025 · Apr 21, 2025 · Apr 21, 2025
@@ -21,6 +21,8 @@ jobs:
   delete-pre-release:
     name: Delete pre-release if exists
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     steps:
       - name: Delete pre-release and tag named after branch
         env:

@@ -7,6 +7,8 @@ jobs:
   golang:
     name: Bump the Golang version
     runs-on: ubuntu-latest
+    permissions:
+      contents: none # Permissions are set with an application token
     steps:
       - name: Gather credentials
         id: credentials

@@ -17,6 +17,8 @@ jobs:
   execute:
     name: Start tests
     runs-on: ubuntu-latest
+    permissions:
+      contents: none
     steps:
       - name: Trigger CircleCI 'local' workflow
         if: ${{ github.event.inputs.status == 'false' }}

@@ -10,6 +10,8 @@ jobs:
   check-headers:
     name: Check that license headers are in place
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
       - uses: actions/checkout@v4.2.2
         with:

@@ -17,7 +17,8 @@ jobs:
   config-sync:
     name: Sync docs to docs site repo
     runs-on: ubuntu-latest
-
+    permissions:
+      contents: read
     steps:
       - name: Generate a GitHub token
         id: ghtoken

@@ -15,6 +15,8 @@ jobs:
   lint-test:
     name: Lints and Unit tests
     runs-on: macos-latest
+    permissions:
+      contents: read
     steps:
       - uses: actions/checkout@v4.2.2
         with:
@@ -49,6 +51,9 @@ jobs:
   health-score:
     needs: lint-test
     runs-on: macos-latest
+    permissions:
+      checks: write
+      contents: read
     steps:
       - uses: actions/checkout@v4.2.2
       - name: Set up Go