From 9d7fb7e2974f44136d880272b699e10c1fc85786 Mon Sep 17 00:00:00 2001
From: Bernardo Codesido
Date: Thu, 17 Oct 2024 13:22:24 -0300
Subject: [PATCH] Fix workflows permissions

---
 .github/workflows/build_and_test.yml | 3 +++
 .github/workflows/codeql.yml | 5 +++--
 .github/workflows/docker.yml | 3 +++
 .github/workflows/rit.yml | 3 +++
 4 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml
index 3847327638..a40d4e4690 100644
--- a/.github/workflows/build_and_test.yml
+++ b/.github/workflows/build_and_test.yml
@@ -10,6 +10,9 @@ on:
 branches:
 - "**"
 
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
 build:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index bf2f5d53d2..9f17a02c85 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -8,13 +8,14 @@ on:
 schedule:
 - cron: "0 0 * * *"
 
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
 analyze:
 name: Analyze
 runs-on: ubuntu-latest
 permissions:
- actions: read
- contents: read
 security-events: write
 
 strategy:
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index e340db36d0..24642b3453 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -7,6 +7,9 @@ on:
 tags:
 - '*'
 
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
 docker:
 runs-on: ubuntu-20.04
diff --git a/.github/workflows/rit.yml b/.github/workflows/rit.yml
index 0b7d1d88c2..98e6c8dfb7 100644
--- a/.github/workflows/rit.yml
+++ b/.github/workflows/rit.yml
@@ -17,6 +17,9 @@ on:
 required: false
 default: 'master'
 
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
 rootstock-integration-tests:
 name: Rootstock Integration Tests
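Review bot: The workflow-level `permissions: read-all` added in build_and_test.yml gives the token read access to every scope, which is wider than a build-and-test job normally needs; the same line is added in codeql.yml, docker.yml and rit.yml. If these jobs only check out the repository, a narrower default (a `permissions:` mapping with the single entry `contents: read`, or `permissions: {}` with per-job grants) keeps the token closer to least privilege. The job steps lie outside these hunks, so confirm which scopes each job actually uses before narrowing. The added comment could then name the scope granted instead of saying "read only".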
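Review bot: In codeql.yml the `analyze` job still declares its own `permissions:` block, and a job-level block replaces the workflow default rather than merging with it, so every scope not listed there becomes `none`. After removing `actions: read` and `contents: read`, the job runs with `security-events: write` only and does not inherit the new `read-all`. On a public repository checkout usually still succeeds, but on a private repository or mirror the checkout and the CodeQL action's workflow lookups would likely fail. Keep `contents: read` and `actions: read` next to `security-events: write`, with a comment such as `# job-level permissions override the workflow default`. The job body continues past the end of the hunk.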