From da159fe65b84dfcf4f8e9b60571f3caad8b32b21 Mon Sep 17 00:00:00 2001
From: Travis Groth
Date: Thu, 31 Mar 2022 17:15:38 -0400
Subject: [PATCH] ci: set explicit token permissions (#3225)
---
 .github/workflows/backport.yaml | 2 ++
 .github/workflows/docker-main.yaml | 2 ++
 .github/workflows/release.yaml | 6 ++++++
 .github/workflows/test.yaml | 4 +++-
 4 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/backport.yaml b/.github/workflows/backport.yaml
index 93dccdd80..8b74b0afd 100644
--- a/.github/workflows/backport.yaml
+++ b/.github/workflows/backport.yaml
@@ -1,4 +1,6 @@
 name: Backport
+permissions:
+ contents: read
 on:
 pull_request_target:
 types:
diff --git a/.github/workflows/docker-main.yaml b/.github/workflows/docker-main.yaml
index bb7026308..74c5808a2 100644
--- a/.github/workflows/docker-main.yaml
+++ b/.github/workflows/docker-main.yaml
@@ -1,4 +1,6 @@
 name: Docker Main
+permissions:
+ contents: read
 on:
 push:
 branches:
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 75bfeab2e..14d1d3f49 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,4 +1,6 @@
 name: Release
+permissions:
+ contents: read
 on:
 release:
@@ -7,6 +9,10 @@ on:
 jobs:
 goreleaser:
+ permissions:
+ contents: write
+ issues: read
+ pull-requests: read
 runs-on: ubuntu-latest
 env:
 DOCKER_CLI_EXPERIMENTAL: "enabled"
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index fc12f13a7..18b2722f5 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -1,10 +1,12 @@
+name: Test
+permissions:
+ contents: read
 on:
 push:
 branches:
 - main
 pull_request:
-name: Test
 jobs:
 test:
 strategy:
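Review bot: In .github/workflows/backport.yaml the new top-level `permissions:` block (`contents: read`) sits on a `pull_request_target` workflow, and it only limits the automatic GITHUB_TOKEN; any repository secret the job hands to its steps keeps whatever scope it was issued with. The job definition is outside the hunk, so it is not visible which token the backport step uses. If it relies on GITHUB_TOKEN, creating the backport branch and pull request would presumably need a job-level grant such as `contents: write` and `pull-requests: write`. If it uses a separate secret, a comment like `# GITHUB_TOKEN is read-only; the backport step authenticates with its own token` above the block would record where the write access lives, and that token should be scoped just as tightly.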
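Review bot: In .github/workflows/release.yaml the job-level `permissions:` added under `goreleaser` replaces the workflow-level block rather than extending it, so every scope not listed there is `none` for this job. The rest of the job is outside the hunk; since the env sets `DOCKER_CLI_EXPERIMENTAL`, it presumably builds or publishes images, and if any step pushes to a registry with GITHUB_TOKEN it would also need `packages: write`. A short comment per scope, for example `# contents: write - upload release artifacts` and `# issues/pull-requests: read - presumably changelog generation`, would tell the next editor why each grant exists and make it easier to drop one safely.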