diff --git a/.github/workflows/email_check.yaml b/.github/workflows/email_check.yaml index 533821c1..26f90833 100644 --- a/.github/workflows/email_check.yaml +++ b/.github/workflows/email_check.yaml @@ -7,6 +7,9 @@ on: branches: [ main ] workflow_dispatch: +permissions: + contents: read + jobs: content-check: runs-on: ubuntu-latest diff --git a/.github/workflows/pr-test.yaml b/.github/workflows/pr-test.yaml index 8246e346..498789e5 100644 --- a/.github/workflows/pr-test.yaml +++ b/.github/workflows/pr-test.yaml @@ -12,6 +12,9 @@ on: paths-ignore: - '**.md' +permissions: + contents: read + jobs: run-go-license-check: uses: ./.github/workflows/check-go-licenses.yaml diff --git a/.github/workflows/reuse-scan.yaml b/.github/workflows/reuse-scan.yaml index f95a6675..3408f3bc 100644 --- a/.github/workflows/reuse-scan.yaml +++ b/.github/workflows/reuse-scan.yaml @@ -6,6 +6,8 @@ on: workflow_dispatch: workflow_call: +permissions: + contents: read jobs: lint-reuse: diff --git a/.github/workflows/reviewable_check_diff.yaml b/.github/workflows/reviewable_check_diff.yaml index 79fff878..c0d0d3cf 100644 --- a/.github/workflows/reviewable_check_diff.yaml +++ b/.github/workflows/reviewable_check_diff.yaml @@ -6,6 +6,9 @@ on: workflow_dispatch: workflow_call: +permissions: + contents: read + env: GO_IMPORT_VERSION: 'v0.16.1' diff --git a/.github/workflows/test-docs-build.yaml b/.github/workflows/test-docs-build.yaml index 249e28f6..5a4a5069 100644 --- a/.github/workflows/test-docs-build.yaml +++ b/.github/workflows/test-docs-build.yaml @@ -9,6 +9,8 @@ on: - main paths: - 'docs/**' +permissions: + contents: read jobs: test-docs-build-pr: diff --git a/.github/workflows/unit_test.yaml b/.github/workflows/unit_test.yaml index b1f81b23..c7adc916 100644 --- a/.github/workflows/unit_test.yaml +++ b/.github/workflows/unit_test.yaml @@ -7,6 +7,9 @@ on: workflow_dispatch: workflow_call: +permissions: + contents: read + jobs: unit-tests: