From da51adc27670f495478f50634462954319e4fc14 Mon Sep 17 00:00:00 2001
From: Ashish Kurmi <100655670+boahc077@users.noreply.github.com>
Date: Mon, 31 Oct 2022 00:46:46 -0700
Subject: [PATCH] Set least privileged token permission for GitHub Actions (#3155)
Signed-off-by: Ashish Kurmi
---
 .github/workflows/build-and-push-image.yml | 3 +++
 .github/workflows/goreleaser.yml | 3 +++
 .github/workflows/stale.yml | 6 ++++++
 3 files changed, 12 insertions(+)
diff --git a/.github/workflows/build-and-push-image.yml b/.github/workflows/build-and-push-image.yml
index 454995c..99a9fa9 100644
--- a/.github/workflows/build-and-push-image.yml
+++ b/.github/workflows/build-and-push-image.yml
@@ -9,6 +9,9 @@ on:
 description: 'Image tag'
 required: true
 default: 'test'
+permissions:
+ contents: read
+
 jobs:
 image:
 name: Build Image from Dockerfile and binaries
diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml
index 9335497..0614a10 100644
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@@ -3,6 +3,9 @@ name: goreleaser
 on:
 workflow_dispatch:
+permissions:
+ contents: read
+
 jobs:
 goreleaser:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 392be0b..c3642d9 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -8,8 +8,14 @@ on:
 description: 'In debug mod'
 required: false
 default: 'false'
+permissions:
+ contents: read
+
 jobs:
 stale:
+ permissions:
+ issues: write # for actions/stale to close stale issues
+ pull-requests: write # for actions/stale to close stale PRs
 runs-on: ubuntu-latest
 steps:
 - uses: actions/stale@v6
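Review bot: In `.github/workflows/build-and-push-image.yml`, the new workflow-level `permissions:` block lists only `contents: read`, which sets every unlisted scope to `none`, and the `image` job gets no job-level block of its own. The job's steps are outside the hunk, so this is inferred: if it pushes the image to GitHub's container registry with `GITHUB_TOKEN`, it will need `packages: write` under `jobs.image.permissions`. The same concern applies to the `goreleaser.yml` hunk: if goreleaser publishes a release with `GITHUB_TOKEN`, that job needs `contents: write`, declared at job level the way the `stale.yml` hunk does it. Both workflows are `workflow_dispatch`-triggered, so a manual run of each would confirm whether the reduced token is sufficient.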
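Review bot: In `.github/workflows/stale.yml`, the `stale` job is now granted `issues: write` and `pull-requests: write`, while its one visible step stays pinned to the mutable tag `actions/stale@v6`. Pinning to a full commit SHA would keep a re-pointed tag from running with those scopes, e.g. `uses: actions/stale@<full-commit-sha> # v6` (placeholder, not a real hash). A job-level `permissions` block replaces the workflow-level one rather than adding to it, so this job runs without `contents: read`; a comment such as `# job-level permissions replace the workflow default` above the block would make that explicit. The job's steps continue outside the hunk.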