Add permissions for read access to contents in workflow files

ReneWerner87 · ReneWerner87 · commit ded23f5f4089 · 2026-04-29T11:56:37.000+02:00
diff --git a/.github/workflows/after-release.yml b/.github/workflows/after-release.yml
@@ -7,6 +7,9 @@ on:
     types: [after-release]
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   notify:
     uses: gofiber/.github/.github/workflows/after-release.yml@main
diff --git a/.github/workflows/auto-labeler.yml b/.github/workflows/auto-labeler.yml
@@ -5,6 +5,10 @@ on:
   pull_request_target:
     types: [opened, edited, reopened, synchronize]
   workflow_dispatch:
+
+permissions:
+  contents: read
+
 jobs:
   auto-labeler:
     uses: gofiber/.github/.github/workflows/auto-labeler.yml@main
diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml
@@ -15,6 +15,9 @@ on:
       - "!docs/**"
       - "!**.md"
 
+permissions:
+  contents: read
+
 jobs:
   Compare:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/cleanup-release-draft.yml b/.github/workflows/cleanup-release-draft.yml
@@ -9,6 +9,9 @@ on:
         type: string
         default: ''
 
+permissions:
+  contents: read
+
 jobs:
   cleanup:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -9,6 +9,10 @@ on:
   schedule:
     - cron: '0 3 * * 6'
 
+permissions:
+  security-events: write
+  contents: read
+
 jobs:
   analyse:
     name: Analyse
diff --git a/.github/workflows/dependabot-on-demand.yml b/.github/workflows/dependabot-on-demand.yml
@@ -5,6 +5,9 @@ on:
     types: [trigger-dependabot]
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   trigger:
     uses: gofiber/.github/.github/workflows/dependabot-on-demand.yml@main
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -14,6 +14,10 @@ on:
       - "!**.md"
 
 name: Test
+
+permissions:
+  contents: read
+
 jobs:
   Build:
     strategy:
