[CP-Sec] Set permissions to the workflows tokens

codeplaysoftware · Jun 12, 2024 · 7e957c2 · 7e957c2
1 parent ae28090
commit 7e957c2
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 0 deletions.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -8,6 +8,8 @@ on:
   schedule:
     - cron: '23 5 * * 5'
 
+permissions: {}
+
 jobs:
   analyze:
     name: Analyze (${{ matrix.language }})

diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
@@ -2,6 +2,8 @@ name: "Pull Request Labeler"
 on:
 - pull_request_target
 
+permissions: {}
+
 jobs:
   triage:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/new-issues-to-triage-projects.yml b/.github/workflows/new-issues-to-triage-projects.yml
@@ -7,6 +7,9 @@ on:
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+permissions:
+  issues: read
+
 jobs:
   assign_one_project:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -4,6 +4,8 @@ on:
   schedule:
     - cron: "0 * * * *"
 
+permissions: {}
+
 jobs:
   mark-inactive-30d:
     runs-on: ubuntu-latest
-Original file line number
+Diff line change
@@ Expand Up / @@ -2,6 +2,8 @@ name: "Pull Request Labeler" @@
     on:
     - pull_request_target
+    permissions: {}
     jobs:
       triage:
         runs-on: ubuntu-latest
@@ Expand Down @@