Add top-level permissions to more workflows (#589)

amazon-ion · Sep 21, 2023 · 9d72f83 · 9d72f83
1 parent 388e890
commit 9d72f83
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 0 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -1,4 +1,5 @@
 name: build
+permissions: read-all
 
 on:
   push:

diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml
@@ -24,6 +24,7 @@
 # See https://docs.github.com/en/actions/creating-actions/creating-a-composite-action
 
 name: Prepare Release
+permissions: read-all
 on:
   # We have a branch protection rule for master, so all commits to master require
   # an approved PR. That means this workflow trigger is effectively equivalent to

diff --git a/.github/workflows/test-inspect-version-action.yml b/.github/workflows/test-inspect-version-action.yml
@@ -1,6 +1,7 @@
 # Test cases for the 'inspect-version' action
 
 name: Test 'inspect-version' Action
+permissions: read-all
 
 on:
   pull_request: