Add additional permissions (#5217)

* Add additional permissions Signed-off-by: Yong Tang <yong.tang.github@outlook.com> * Fix yamllint warning Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2025-11-01 02:33:14 -04:00 · 2022-03-02 07:01:45 -08:00
parent f5acb9d12a
commit d40d224271
8 changed files with 24 additions and 5 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -14,9 +14,9 @@ permissions:
 jobs:
  analyze:
    permissions:
-      actions: read # for github/codeql-action/init to get workflow details
-      contents: read # for actions/checkout to fetch code
-      security-events: write # for github/codeql-action/autobuild to send a status report
+      actions: read  # for github/codeql-action/init to get workflow details
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/autobuild to send a status report
    name: Analyze
    runs-on: ubuntu-latest

--- a/.github/workflows/go.fmt.yml
+++ b/.github/workflows/go.fmt.yml
@@ -4,9 +4,13 @@ on:
  schedule:
    - cron: '22 10 * * 1'

+permissions: read-all
+
 jobs:
  fix:
    runs-on: ubuntu-latest
+    permissions:
+      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
--- a/.github/workflows/go.tidy.yml
+++ b/.github/workflows/go.tidy.yml
@@ -4,9 +4,13 @@ on:
  schedule:
    - cron: '22 10 * * 3'

+permissions: read-all
+
 jobs:
  fix:
    runs-on: ubuntu-latest
+    permissions:
+      contents: write
    steps:
      - name: Install Go
        uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492
--- a/.github/workflows/make.doc.yml
+++ b/.github/workflows/make.doc.yml
@@ -4,9 +4,13 @@ on:
  schedule:
    - cron: '22 10 * * 0'

+permissions: read-all
+
 jobs:
  fix:
    runs-on: ubuntu-latest
+    permissions:
+      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
--- a/.github/workflows/reviewdog.yml
+++ b/.github/workflows/reviewdog.yml
@@ -5,6 +5,8 @@ on:
    branches:
      - master

+permissions: read-all
+
 jobs:
  gofmt:
    name: Go Fmt
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -9,8 +9,8 @@ permissions:
 jobs:
  stale:
    permissions:
-      issues: write # for actions/stale to close stale issues
-      pull-requests: write # for actions/stale to close stale PRs
+      issues: write  # for actions/stale to close stale issues
+      pull-requests: write  # for actions/stale to close stale PRs
    runs-on: ubuntu-latest
    steps:
      - uses: actions/stale@7fb802b3079a276cf3c7e6ba9aa003c665b3f838
--- a/.github/workflows/whitespace.yml
+++ b/.github/workflows/whitespace.yml
@@ -4,9 +4,13 @@ on:
  schedule:
    - cron: '22 10 * * 2'

+permissions: read-all
+
 jobs:
  fix:
    runs-on: ubuntu-latest
+    permissions:
+      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
--- a/.github/workflows/yamllint.yml
+++ b/.github/workflows/yamllint.yml
@@ -1,6 +1,7 @@
 name: 'Yamllint GitHub Actions'
 on:
  - pull_request
+permissions: read-all
 jobs:
  yamllint:
    name: 'Yamllint'