From de8daee061141d85258ec45d99b0bb429abcdebe Mon Sep 17 00:00:00 2001 From: Jan Calanog Date: Sun, 18 Feb 2024 02:01:36 +0700 Subject: [PATCH] security: add permissions block to workflows --- .github/workflows/add-to-apm-project.yaml | 3 +++ .github/workflows/add-to-project.yaml | 3 +++ .github/workflows/label-elastic-pull-requests.yml | 3 +++ 3 files changed, 9 insertions(+) diff --git a/.github/workflows/add-to-apm-project.yaml b/.github/workflows/add-to-apm-project.yaml index dff69ad2..80a893aa 100644 --- a/.github/workflows/add-to-apm-project.yaml +++ b/.github/workflows/add-to-apm-project.yaml @@ -3,6 +3,9 @@ on: issues: types: - opened +permissions: + contents: read + jobs: add_to_project: runs-on: ubuntu-latest diff --git a/.github/workflows/add-to-project.yaml b/.github/workflows/add-to-project.yaml index 6029d2df..a9f68e69 100644 --- a/.github/workflows/add-to-project.yaml +++ b/.github/workflows/add-to-project.yaml @@ -6,6 +6,9 @@ on: - opened - transferred +permissions: + contents: read + jobs: add-to-project: name: Add issue to project diff --git a/.github/workflows/label-elastic-pull-requests.yml b/.github/workflows/label-elastic-pull-requests.yml index b2a13569..45051a40 100644 --- a/.github/workflows/label-elastic-pull-requests.yml +++ b/.github/workflows/label-elastic-pull-requests.yml @@ -4,6 +4,9 @@ on: pull_request_target: types: [opened] +permissions: + contents: read + jobs: safe-to-test: runs-on: ubuntu-latest