Set default permissions on GH workflows

creek-service · Dec 17, 2022 · 8709351 · 8709351
1 parent 71a04c9
commit 8709351
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 4 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -15,7 +15,8 @@ on:
         description: "Publish snapshot artifacts: true or false?"
         default: "true"
 
-permissions: read-all
+permissions:
+  contents: read
 
 jobs:
   build:

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -4,7 +4,8 @@ on:
   pull_request:
     branches: [ main ]
 
-permissions: read-all
+permissions:
+  contents: read
 
 jobs:
   analyze:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -4,7 +4,8 @@ name: Release
 
 on: [workflow_dispatch]
 
-permissions: read-all
+permissions:
+  contents: read
 
 concurrency: "${{ github.repository }}-versioning"
 

diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml
@@ -10,7 +10,8 @@ on:
         required: true
         default: Minor
 
-permissions: read-all
+permissions:
+  contents: read
 
 concurrency: "${{ github.repository }}-versioning"