From f76b6e529df61b7204a902f9dab3989f89687530 Mon Sep 17 00:00:00 2001
From: Zach Trocinski
Date: Wed, 13 Nov 2024 16:38:03 -0600
Subject: [PATCH] Set top-level permissions for workflows
---
 .github/workflows/bicep-build-to-validate.yml | 3 +++
 .github/workflows/gh-ado-sync.yml | 3 +++
 .github/workflows/release-tests.yml | 3 +++
 .github/workflows/scheduled-bicep-build.yml | 7 +++----
 4 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/bicep-build-to-validate.yml b/.github/workflows/bicep-build-to-validate.yml
index 2ccc6118d..4556da1b7 100644
--- a/.github/workflows/bicep-build-to-validate.yml
+++ b/.github/workflows/bicep-build-to-validate.yml
@@ -11,6 +11,9 @@ on:
 - "**/bicepconfig.json"
 workflow_dispatch: {}
 
+permissions:
+ contents: read
+
 jobs:
 bicep_unit_tests:
 name: Bicep Build & Lint All Modules
diff --git a/.github/workflows/gh-ado-sync.yml b/.github/workflows/gh-ado-sync.yml
index e91d19036..4a61d3da9 100644
--- a/.github/workflows/gh-ado-sync.yml
+++ b/.github/workflows/gh-ado-sync.yml
@@ -6,6 +6,9 @@ on:
 issue_comment:
 types: [created]
 
+permissions:
+ contents: read
+
 jobs:
 alert:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/release-tests.yml b/.github/workflows/release-tests.yml
index 96f053d33..67760f2c1 100644
--- a/.github/workflows/release-tests.yml
+++ b/.github/workflows/release-tests.yml
@@ -6,6 +6,9 @@ on:
 - main
 workflow_dispatch: {}
 
+permissions:
+ contents: read
+
 jobs:
 release-tests:
 name: Pre-Release Tests
diff --git a/.github/workflows/scheduled-bicep-build.yml b/.github/workflows/scheduled-bicep-build.yml
index a8a2e588f..ddfcee4d7 100644
--- a/.github/workflows/scheduled-bicep-build.yml
+++ b/.github/workflows/scheduled-bicep-build.yml
@@ -1,13 +1,12 @@
 name: Unit Tests - Scheduled Bicep Build
-
-permissions:
- contents: read
-
 on:
 schedule:
 - cron: "0 8 * * 1-5"
 workflow_dispatch: {}
 
+permissions:
+ contents: read
+
 jobs:
 bicep_unit_tests:
 name: Bicep Build & Lint All Modules
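Review bot: In `gh-ado-sync.yml` the new top-level `permissions: contents: read` sets every other `GITHUB_TOKEN` scope, including `issues`, to none, while the workflow is triggered by `issue_comment`. The steps of the `alert` job are outside the hunk; if any of them uses `GITHUB_TOKEN` to comment on, label or otherwise update the issue, it will now be denied and needs a job-level `permissions:` block with `issues: write`. If the job neither checks out the repository nor calls the API with that token, `permissions: {}` would be the tighter setting. This block restricts only `GITHUB_TOKEN`; a PAT or other secret passed to the sync step keeps its own scope, and because the run can be triggered by anyone able to comment, that credential is the one to scope narrowly.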