Skip to content

Commit b413eae

Browse files
caxu-rhacornett21
caxu-rh
authored and
acornett21
committed
Add explicit permissions on all jobs
Signed-off-by: Caleb Xu <caxu@redhat.com>
1 parent 51d2ebd commit b413eae

3 files changed

Lines changed: 15 additions & 1 deletion

File tree

.github/workflows/build-main.yml

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,10 +6,14 @@ on:
66

77
env:
88
IMAGE_NAME: preflight-trigger
9-
9+
10+
permissions: {}
11+
1012
jobs:
1113
build-main:
1214
name: Build and push main snapshot images
15+
permissions:
16+
contents: read
1317
strategy:
1418
matrix:
1519
architecture: [amd64]
@@ -68,6 +72,8 @@ jobs:
6872
imageVersion: ${{ env.SHA_SHORT }}
6973

7074
build-coverage:
75+
permissions:
76+
contents: read
7177
runs-on: ubuntu-latest
7278
steps:
7379
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3

.github/workflows/build-release.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,9 +10,13 @@ on:
1010
env:
1111
IMAGE_NAME: preflight-trigger
1212

13+
permissions: {}
14+
1315
jobs:
1416
build-release:
1517
name: Build and push tag images
18+
permissions:
19+
contents: read
1620
strategy:
1721
matrix:
1822
architecture: [amd64]

.github/workflows/go.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,8 +6,12 @@ on:
66
- main
77
- release-*
88

9+
permissions: {}
10+
911
jobs:
1012
build:
13+
permissions:
14+
contents: read
1115
runs-on: ubuntu-latest
1216
steps:
1317
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3

0 commit comments

Comments
 (0)