ci: define minimal permissions to github workflows (#1295)

Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
2023-06-19 05:53:04 -03:00 · 2023-06-19 05:53:04 -03:00 · 553eb4c7a8
parent f6bb79e03d
commit 553eb4c7a8
2 changed files with 9 additions and 1 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -20,6 +20,10 @@ on:
  schedule:
    - cron: '31 21 * * 6'

+# Minimal permissions to be inherited by any job that don't declare it's own permissions
+permissions:
+  contents: read
+
 jobs:
  analyze:
    name: Analyze
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@ -7,6 +7,10 @@ on:
      - main
      - 'release-*'

+# Minimal permissions to be inherited by any job that don't declare it's own permissions
+permissions:
+  contents: read
+
 jobs:
  test:
    name: Tests
@ -39,4 +43,4 @@ jobs:

      - name: Run style and unused
        if: ${{ matrix.go_version == '1.20' }}
-        run: make style unused
+        run: make style unused