Merge pull request #1864 from sustainable-computing-io/ghapermissions

[fix]: update gha permission settings

.github/workflows/commitMsg.yml

@@ -2,6 +2,8 @@ name: Commit Message Check
 on: # yamllint disable-line rule:truthy
   pull_request:
 
+permissions: read-all
+
 jobs:
   check-commit-message:
     name: Check Commit Message
@@ -12,5 +14,3 @@ jobs:
 
       - name: Check commit message
         uses: webiny/[email protected]
-        with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/daily.yml

@@ -6,6 +6,8 @@ on: # yamllint disable-line rule:truthy
   schedule:
     - cron: 12 9 * * *
 
+permissions: read-all
+
 jobs:
   # daily go security
   gosec:

.github/workflows/developer_local.yml

@@ -3,6 +3,8 @@ name: local dev env validation
 on: # yamllint disable-line rule:truthy
   workflow_call:
 
+permissions: read-all
+
 jobs:
   local_env:
     runs-on: ubuntu-latest

.github/workflows/gosec.yml

@@ -5,6 +5,9 @@ name: Security Scan
 on: # yamllint disable-line rule:truthy
   workflow_call:
 
+permissions:
+  pull-requests: read
+
 jobs:
   tests:
     runs-on: ubuntu-latest

.github/workflows/pre-commit-auto-update.yml

@@ -4,6 +4,8 @@ on: # yamllint disable-line rule:truthy
   schedule:
     - cron: 0 0 1 * *
 
+permissions: read-all
+
 jobs:
   auto-update:
     runs-on: ubuntu-latest

.github/workflows/unit_test.yml

@@ -7,7 +7,7 @@ on: # yamllint disable-line rule:truthy
 
 permissions:
   pull-requests: write
-  contents: write
+  contents: read
   repository-projects: write
   packages: write
 

.github/workflows/yamllint.yml

@@ -3,6 +3,8 @@ name: yamllint
 on: # yamllint disable-line rule:truthy
   workflow_call:
 
+permissions: read-all
+
 jobs:
   yamllint:
     runs-on: ubuntu-latest