From 1cc0687d9c362724d3901a17ed87697980d0f0d9 Mon Sep 17 00:00:00 2001
From: Dick Ameln
Date: Thu, 13 Jun 2024 09:08:11 +0200
Subject: [PATCH] add top level permissions to github workflows
---
 .github/workflows/code_scan.yml | 1 +
 .github/workflows/pre_merge.yml | 1 +
 .github/workflows/publish.yml | 2 ++
 .github/workflows/upload_coverage.yml | 2 ++
 4 files changed, 6 insertions(+)
diff --git a/.github/workflows/code_scan.yml b/.github/workflows/code_scan.yml
index 92e6f804f9..2ebcf03770 100644
--- a/.github/workflows/code_scan.yml
+++ b/.github/workflows/code_scan.yml
@@ -1,4 +1,5 @@
 name: Code Scanning
+permissions: read-all
 on:
 workflow_dispatch: # run on request (no need for PR)
diff --git a/.github/workflows/pre_merge.yml b/.github/workflows/pre_merge.yml
index 945096a5d6..e43bac959a 100644
--- a/.github/workflows/pre_merge.yml
+++ b/.github/workflows/pre_merge.yml
@@ -1,4 +1,5 @@
 name: Pre-Merge Checks
+permissions: read-all
 on:
 push:
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index dd6b896ce4..777f9b0645 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -1,4 +1,6 @@
 name: Upload Python Package
+permissions: read-all
+
 on:
 release:
 types: [published]
diff --git a/.github/workflows/upload_coverage.yml b/.github/workflows/upload_coverage.yml
index f531436124..7770cb8b31 100644
--- a/.github/workflows/upload_coverage.yml
+++ b/.github/workflows/upload_coverage.yml
@@ -1,4 +1,6 @@
 name: Upload coverage
+permissions: read-all
+
 on:
 workflow_run:
 workflows: ["Pre-Merge Checks"]
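Review bot: The added `permissions: read-all` line in code_scan.yml still gives the GITHUB_TOKEN read access to every scope, which is broader than a least-privilege default needs; the same line is added in pre_merge.yml, publish.yml and upload_coverage.yml. A tighter top-level default would be `permissions: { contents: read }`, with any further scope granted on the individual job that needs it. The jobs are outside this hunk, so the following is an assumption: if the scanning job uploads SARIF results to GitHub code scanning, it will need a job-level `security-events: write`, because a read-only token cannot upload.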
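Review bot: The read-only default added at the top of publish.yml may break the release job, because `read-all` grants no write scope and does not enable `id-token`. The jobs are outside this hunk, so this is conditional: if publishing relies on PyPI trusted publishing (OIDC), the publish job needs `permissions: { id-token: write }`, and if it attaches files to the GitHub release it needs `contents: write`. Granting these on that one job rather than at the top level keeps the rest of the workflow read-only. A publish that only uses a stored API token is unaffected.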
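Review bot: The `workflow_run` trigger shown as context below the added lines in upload_coverage.yml deserves a comment, because restricting the token does not change the context in which this workflow runs. It runs in the base repository's context, with access to its secrets, even when the triggering "Pre-Merge Checks" run came from a fork. I would add above `on:` something like `# workflow_run executes with base-repo secrets; treat artifacts from the triggering run as untrusted data`. Whether the jobs download and process such artifacts is not visible in this hunk, so confirm that they only parse coverage data and never execute anything taken from it.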