Skip to content

Commit 2dd7105

Browse files
oschwaldoschwald
committed
Simplify workflow permissions to minimal required
Set minimal permissions for all workflows: - go.yml and golangci-lint.yml: contents:read only - codeql-analysis.yml: contents:read and security-events:write (needed to upload security scan results) This provides the most restrictive security posture while allowing all workflows to function properly.
1 parent 3f8df2c commit 2dd7105

File tree

3 files changed

+10
-0
lines changed

3 files changed

+10
-0
lines changed

.github/workflows/codeql-analysis.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,10 @@ on:
88
schedule:
99
- cron: '0 13 * * 4'
1010

11+
permissions:
12+
contents: read
13+
security-events: write
14+
1115
jobs:
1216
CodeQL-Build:
1317

.github/workflows/go.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,9 @@ name: Go
22

33
on: [push, pull_request]
44

5+
permissions:
6+
contents: read
7+
58
jobs:
69

710
build:

.github/workflows/golangci-lint.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,9 @@ name: golangci-lint
22

33
on: [push, pull_request]
44

5+
permissions:
6+
contents: read
7+
58
jobs:
69
golangci:
710
name: lint

0 commit comments

Comments
 (0)