chore: Add permissions to all workflows (#12)

erezrokah · web-flow · commit 7b94bb838646 · 2025-09-29T17:53:45.000+01:00
diff --git a/.github/.kodiak.toml b/.github/.kodiak.toml
@@ -0,0 +1,17 @@
+
+version = 1
+
+[approve]
+auto_approve_usernames = ["cq-bot"]
+
+[merge.message]
+body = "pull_request_body"
+cut_body_after = "Use the following steps to ensure your PR is ready to be reviewed"
+cut_body_and_text = true
+cut_body_before = "<!-- 🎉 Thank you for making CloudQuery awesome by submitting a PR 🎉 -->"
+title = "pull_request_title"
+
+[merge]
+blocking_labels = ["wip", "no automerge"]
+notify_on_conflict = false
+priority_merge_label = "priority merge"
diff --git a/.github/renovate.json5 b/.github/renovate.json5
@@ -0,0 +1,9 @@
+{
+  extends: ['github>cloudquery/.github//.github/renovate-node-default.json5'],
+  packageRules: [
+    {
+      matchPackageNames: ["*"],
+      groupName: "everything",
+    },
+  ],
+}
diff --git a/.github/workflows/publish-rc.yml b/.github/workflows/publish-rc.yml
@@ -3,7 +3,8 @@ name: Publish release-candidate npm package
 on:
   pull_request:
     types: [opened, reopened, synchronize]
-
+permissions:
+  contents: read
 jobs:
   publish_rc:
     if: contains(github.event.pull_request.labels.*.name, 'release-candidate')
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -4,7 +4,8 @@ on:
   push:
     branches:
       - main
-
+permissions:
+  contents: read
 jobs:
   publish:
     runs-on: ubuntu-latest
