From f3352fcd1cdc272d56c95b1c2967bb7ad17dc9be Mon Sep 17 00:00:00 2001 From: John Andersen Date: Fri, 21 Jun 2024 19:43:42 -0700 Subject: [PATCH] best practices: ossf scorecard: Fix token permissions Signed-off-by: John Andersen --- .github/workflows/alice_async_comms.yml | 2 ++ .github/workflows/dffml_build_images_containers.yml | 3 +++ .github/workflows/dispatch_build_images_containers.yml | 3 +++ .github/workflows/testing.yml | 3 +++ 4 files changed, 11 insertions(+) diff --git a/.github/workflows/alice_async_comms.yml b/.github/workflows/alice_async_comms.yml index 362339c11c..50118f0b57 100644 --- a/.github/workflows/alice_async_comms.yml +++ b/.github/workflows/alice_async_comms.yml @@ -11,6 +11,8 @@ on: schedule: - cron: '0 6 * * *' +permissions: + contents: read jobs: posts: diff --git a/.github/workflows/dffml_build_images_containers.yml b/.github/workflows/dffml_build_images_containers.yml index 8fb3a65b6e..8182e3e7d6 100644 --- a/.github/workflows/dffml_build_images_containers.yml +++ b/.github/workflows/dffml_build_images_containers.yml @@ -25,6 +25,9 @@ on: - "**/*Dockerfile" - "**/*.manifest.json" +permissions: + contents: read + jobs: manifest: runs-on: ubuntu-latest diff --git a/.github/workflows/dispatch_build_images_containers.yml b/.github/workflows/dispatch_build_images_containers.yml index 6fddd43855..6aa57d0819 100644 --- a/.github/workflows/dispatch_build_images_containers.yml +++ b/.github/workflows/dispatch_build_images_containers.yml @@ -3,6 +3,9 @@ # - https://docs.github.com/en/actions/using-workflows/reusing-workflows#calling-a-reusable-workflow name: "Dispatch: Build: Images: Containers" +permissions: + contents: read + on: workflow_dispatch: inputs: diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index b5228cb421..90fdaed9fa 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -1,5 +1,8 @@ name: Tests +permissions: + contents: read + on: workflow_dispatch: null push: