From b4a9a1c5de862ed0aba2559d59d6e1fd87cb6a22 Mon Sep 17 00:00:00 2001
From: Matthew Penner
Date: Wed, 28 Aug 2024 20:02:10 -0600
Subject: [PATCH] ci: update workflow permissions

Signed-off-by: Matthew Penner
---
 .github/workflows/docker.yaml | 3 +++
 .github/workflows/push.yaml | 2 ++
 .github/workflows/release.yaml | 2 ++
 3 files changed, 7 insertions(+)

diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 4ca1e85b..55afe117 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -14,6 +14,9 @@ jobs:
 runs-on: ubuntu-22.04
 # Always run against a tag, even if the commit into the tag has [docker skip] within the commit message.
 if: "!contains(github.ref, 'develop') || (!contains(github.event.head_commit.message, 'skip docker') && !contains(github.event.head_commit.message, 'docker skip'))"
+ permissions:
+ contents: read
+ packages: write
 steps:
 - name: Code checkout
 uses: actions/checkout@v4
diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml
index e69f590d..a2fc5fed 100644
--- a/.github/workflows/push.yaml
+++ b/.github/workflows/push.yaml
@@ -12,6 +12,8 @@ jobs:
 build-and-test:
 name: Build and Test
 runs-on: ${{ matrix.os }}
+ permissions:
+ contents: read
 strategy:
 fail-fast: false
 matrix:
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 2c07aef7..73d4880b 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -9,6 +9,8 @@ jobs:
 release:
 name: Release
 runs-on: ubuntu-22.04
+ permissions:
+ contents: write # write is required to create releases and push.
 steps:
 - name: Code Checkout
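Review bot: With `packages: write` now on the job token in docker.yaml, the `actions/checkout@v4` step at the end of the hunk becomes more sensitive, because checkout by default leaves that token in the workspace's git config where every later step can read it. The step's `with:` block lies outside the hunk, so this may already be handled; if it is not, add `persist-credentials: false` under it so that a build context which includes `.git` cannot pick the token up. It would also help to annotate the scope the way release.yaml does, e.g. `packages: write # write is required to push the image`, assuming the job publishes to the GitHub registry.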
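Review bot: In push.yaml `permissions:` is set on the `build-and-test` job only, so any other job in the file, or one added later, still receives the repository's default token scopes. A workflow-level default placed above `jobs:`, either `permissions:` with `contents: read` or `permissions: {}`, would make least privilege the starting point and leave each job-level block as the explicit exception; the same applies to docker.yaml and release.yaml. Only this one job is visible in the hunk, so whether the file holds other jobs is not confirmed.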