ci: set contents read as default workflow permissions

CrazyMax 2025-03-02 16:18:40 +01:00
parent d0b058af6b
commit 05f1368902
No known key found for this signature in database
GPG Key ID: ADE44D8C9D44FBE4
5 changed files with 29 additions and 0 deletions


@ -4,6 +4,10 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions:
contents: read
on:
schedule:
- cron: '0 10 * * *'
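Review bot: The comment above the new top-level `permissions:` block only links the docs; it does not say that naming one scope sets every unlisted scope to `none`, which is what the rest of the workflow now depends on. I would state that in the file, e.g. `# read-only by default; scopes not listed here are none, jobs needing more declare their own permissions`. The jobs of this workflow are outside the hunk, so it is worth confirming that none of them relied on a scope that was previously granted implicitly. The same applies to the identical block added in the other four workflow files, of which only two add a job-level override.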


@ -4,6 +4,10 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions:
contents: read
on:
push:
branches:
@ -19,6 +23,11 @@ on:
jobs:
labeler:
runs-on: ubuntu-latest
permissions:
# same as global permissions
contents: read
# required to update labels
issues: write
steps:
-
name: Checkout
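Review bot: The comment `# same as global permissions` in the `labeler` job does not explain why `contents: read` has to be restated. A job-level `permissions` block replaces the workflow-level one rather than extending it, so dropping that line would leave the job with `contents: none` for the Checkout step. Suggest `# job-level permissions replace the workflow default; contents: read is still needed for checkout`. The job's steps continue outside the hunk.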


@ -4,6 +4,10 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions:
contents: read
on:
push:
branches:


@ -4,6 +4,10 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions:
contents: read
on:
workflow_dispatch:
schedule:
@ -27,6 +31,10 @@ jobs:
open-pr:
runs-on: ubuntu-22.04
if: github.event_name != 'pull_request'
permissions:
# required to create PR
contents: write
pull-requests: write
needs:
- generate
steps:
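Review bot: In the `open-pr` job a single comment, `# required to create PR`, sits above two write scopes, and the block grants both to every step of the job, not only the one that opens the pull request. I would document each scope separately, e.g. `# push the update branch` above `contents: write` and `# open the pull request` above `pull-requests: write`; the wording is a guess because the steps are outside the hunk. Any action invoked in this job receives a token that can push to the repository, so it is also worth checking that those steps reference actions by full commit SHA and that nothing unrelated to PR creation runs here.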


@ -4,6 +4,10 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions:
contents: read
on:
push:
branches: