From 97f8abcd8c80a3e31abb7decfe311b10c4b01bb0 Mon Sep 17 00:00:00 2001 From: SatabdiG Date: Wed, 27 May 2026 12:33:45 +0200 Subject: [PATCH 1/2] chore: add permissions section to multiple workflow files --- .github/workflows/email_check.yaml | 3 +++ .github/workflows/pr-test.yaml | 3 +++ .github/workflows/reuse-scan.yaml | 2 ++ .github/workflows/reviewable_check_diff.yaml | 3 +++ .github/workflows/test-docs-build.yaml | 2 ++ .github/workflows/unit_test.yaml | 3 +++ 6 files changed, 16 insertions(+) diff --git a/.github/workflows/email_check.yaml b/.github/workflows/email_check.yaml index 533821c1..26f90833 100644 --- a/.github/workflows/email_check.yaml +++ b/.github/workflows/email_check.yaml @@ -7,6 +7,9 @@ on: branches: [ main ] workflow_dispatch: +permissions: + contents: read + jobs: content-check: runs-on: ubuntu-latest diff --git a/.github/workflows/pr-test.yaml b/.github/workflows/pr-test.yaml index cb53b676..611b1c9b 100644 --- a/.github/workflows/pr-test.yaml +++ b/.github/workflows/pr-test.yaml @@ -11,6 +11,9 @@ on: - ready_for_review paths-ignore: - '*.md' + +permissions: + contents: read jobs: run-go-license-check: diff --git a/.github/workflows/reuse-scan.yaml b/.github/workflows/reuse-scan.yaml index f95a6675..3408f3bc 100644 --- a/.github/workflows/reuse-scan.yaml +++ b/.github/workflows/reuse-scan.yaml @@ -6,6 +6,8 @@ on: workflow_dispatch: workflow_call: +permissions: + contents: read jobs: lint-reuse: diff --git a/.github/workflows/reviewable_check_diff.yaml b/.github/workflows/reviewable_check_diff.yaml index 79fff878..c0d0d3cf 100644 --- a/.github/workflows/reviewable_check_diff.yaml +++ b/.github/workflows/reviewable_check_diff.yaml @@ -6,6 +6,9 @@ on: workflow_dispatch: workflow_call: +permissions: + contents: read + env: GO_IMPORT_VERSION: 'v0.16.1' diff --git a/.github/workflows/test-docs-build.yaml b/.github/workflows/test-docs-build.yaml index 249e28f6..5a4a5069 100644 --- a/.github/workflows/test-docs-build.yaml +++ b/.github/workflows/test-docs-build.yaml @@ -9,6 +9,8 @@ on: - main paths: - 'docs/**' +permissions: + contents: read jobs: test-docs-build-pr: diff --git a/.github/workflows/unit_test.yaml b/.github/workflows/unit_test.yaml index b1f81b23..c7adc916 100644 --- a/.github/workflows/unit_test.yaml +++ b/.github/workflows/unit_test.yaml @@ -7,6 +7,9 @@ on: workflow_dispatch: workflow_call: +permissions: + contents: read + jobs: unit-tests: From ee3017be80dbe6d6aa649ce02efb3f66a8c22617 Mon Sep 17 00:00:00 2001 From: SatabdiG Date: Wed, 27 May 2026 15:34:50 +0200 Subject: [PATCH 2/2] chore: add permissions section to PR test workflow --- .github/workflows/pr-test.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/pr-test.yaml b/.github/workflows/pr-test.yaml index 8246e346..498789e5 100644 --- a/.github/workflows/pr-test.yaml +++ b/.github/workflows/pr-test.yaml @@ -12,6 +12,9 @@ on: paths-ignore: - '**.md' +permissions: + contents: read + jobs: run-go-license-check: uses: ./.github/workflows/check-go-licenses.yaml