Restrict github action workflow permissions (#647)

Signed-off-by: jsetton <[email protected]>
openhab · Jan 11, 2024 · c072f3e · c072f3e
1 parent 1b4159e
commit c072f3e
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 0 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -8,6 +8,9 @@ on:
     branches: [ main ]
     paths: [ 'lambda/**' ]
 
+permissions:
+  contents: read
+
 jobs:
   test:
     name: Testing

diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
@@ -4,6 +4,9 @@ on:
   release:
     types: [ published ]
 
+permissions:
+  contents: read
+
 jobs:
   docs:
     name: Documentation Deployment

diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
@@ -8,6 +8,9 @@ on:
     branches: [ main ]
     paths: [ '**.md' ]
 
+permissions:
+  contents: read
+
 jobs:
   markdown:
     name: Markdown Linting

diff --git a/.github/workflows/localization.yml b/.github/workflows/localization.yml
@@ -5,11 +5,17 @@ on:
     branches: [ main ]
     paths: [ 'resources/locales/**' ]
 
+permissions:
+  contents: read
+
 jobs:
   update:
     name: Locale Updates
     runs-on: ubuntu-latest
 
+    permissions:
+      contents: write
+
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -10,6 +10,9 @@ on:
         type: choice
         options: [ major, minor, patch, premajor, preminor, prepatch, prerelease ]
 
+permissions:
+  contents: read
+
 jobs:
   pkg-update:
     name: Package Version Update

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -8,11 +8,17 @@ on:
   schedule:
     - cron: '42 1 1 * *' # Every first day of the month at 1:42
 
+permissions:
+  contents: read
+
 jobs:
   codeql:
     name: Code Scanning
     runs-on: ubuntu-latest
 
+    permissions:
+      security-events: write
+
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4