Merge pull request #543 from souleb/token-permissions

Add Permissions to github Workflows
fluxcd · Jan 20, 2022 · 593ac59 · 593ac59
2 parents b6eeb14 + f1327dc
commit 593ac59
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 0 deletions.
diff --git a/.github/workflows/cifuzz.yaml b/.github/workflows/cifuzz.yaml
@@ -3,6 +3,10 @@ on:
   pull_request:
     branches:
       - main
+
+permissions:
+  contents: read # for actions/checkout to fetch code
+
 jobs:
   Fuzzing:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
@@ -6,6 +6,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read # for actions/checkout to fetch code
+
 jobs:
   kind:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
@@ -7,6 +7,9 @@ on:
 env:
   REPOSITORY: ${{ github.repository }}
 
+permissions:
+  contents: read # for actions/checkout to fetch code
+
 jobs:
   build:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml
@@ -6,6 +6,11 @@ on:
   issue_comment:
     types: [created]
 
+permissions:
+  contents: read # for actions/checkout to fetch code
+  pull-requests: read
+  repository-projects: write
+
 jobs:
   rebase:
     if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase') && (github.event.comment.author_association == 'CONTRIBUTOR' || github.event.comment.author_association == 'MEMBER' || github.event.comment.author_association == 'OWNER')

diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
@@ -8,6 +8,10 @@ on:
   schedule:
     - cron: '18 10 * * 3'
 
+permissions:
+  contents: read # for actions/checkout to fetch code
+  security-events: write # for codeQL to write security events
+
 jobs:
   fossa:
     name: FOSSA