From f2487d4f7d2d8fa8902573e4592c8b16481582db Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 15:02:52 -0400
Subject: [PATCH 1/5] ci: scope down permissions for release.yml
---
 .github/workflows/release.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 881c9d2..5fd4d4f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,6 +8,10 @@ on:
 type: string
 env:
 NEW_VERSION: ${{ github.event.inputs.release_tag }}
+permissions:
+ contents: write
+ pull-requests: read
+
 jobs:
 release:
 runs-on: ubuntu-latest
From b9ea502b350592c1e64b4492d43fd4ddeca2dc6f Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 15:02:54 -0400
Subject: [PATCH 2/5] ci: scope down permissions for build-ios.yml
---
 .github/workflows/build-ios.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/build-ios.yml b/.github/workflows/build-ios.yml
index 5ba82c4..f5c245c 100644
--- a/.github/workflows/build-ios.yml
+++ b/.github/workflows/build-ios.yml
@@ -6,6 +6,9 @@ on:
 pull_request:
 branches: [ "main" ]
 
+permissions:
+ contents: read
+
 jobs:
 build-ios:
 runs-on: macos-13-xl
From 4cb380deb66d6768f68613e95630509f204ca917 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 15:02:55 -0400
Subject: [PATCH 3/5] ci: scope down permissions for test.yml
---
 .github/workflows/test.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index f5611c3..2e93ef5 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -6,6 +6,9 @@ on:
 pull_request:
 branches: [ "main" ]
 
+permissions:
+ contents: read
+
 jobs:
 code-test:
 runs-on: ubuntu-latest
From 070f879024c506642b047fd0158c6444aca58a21 Mon Sep 17 00:00:00 2001
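Review bot: In `.github/workflows/release.yml` the new top-level block gives `contents: write` to every job in the workflow, not only to the one that publishes. Only the `release` job is visible in this hunk and the rest of the file lies outside it, so this may be the sole job today; even so, placing the grant under `jobs.release.permissions` and keeping the workflow default at `contents: read` stops a job added later from inheriting a write token. The hunk also does not show what consumes `pull-requests: read`, so a comment above the block such as `# contents: write creates the tag/release; pull-requests: read is for <reason>` would record why each scope is there.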
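Review bot: The `permissions:` block added to `.github/workflows/build-ios.yml` (and identically in the test.yml, build-android.yml and code-lint.yml patches of this series) sets every scope it does not list to `none`, so any step that relies on another scope will start failing with a permission error. The job bodies are outside these hunks, so it is worth confirming that none of them uses `GITHUB_TOKEN` to post PR comments, check annotations or commit statuses, which lint and test jobs sometimes do. If one does, grant that scope on the job that needs it rather than widening the workflow default. I would also add a comment above each block, e.g. `# Least privilege: GITHUB_TOKEN is read-only here; add scopes per job if a step needs more.`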
From: Adnan Khan
Date: Tue, 21 Oct 2025 15:02:57 -0400
Subject: [PATCH 4/5] ci: scope down permissions for build-android.yml
---
 .github/workflows/build-android.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/build-android.yml b/.github/workflows/build-android.yml
index 3aae12e..b30704b 100644
--- a/.github/workflows/build-android.yml
+++ b/.github/workflows/build-android.yml
@@ -6,6 +6,9 @@ on:
 pull_request:
 branches: [ "main" ]
 
+permissions:
+ contents: read
+
 jobs:
 build-android:
 runs-on: ubuntu-latest
From f52c432347d8a99866c1463168902093e0e5b968 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 15:02:59 -0400
Subject: [PATCH 5/5] ci: scope down permissions for code-lint.yml
---
 .github/workflows/code-lint.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/code-lint.yml b/.github/workflows/code-lint.yml
index 269c06a..1d9ee43 100644
--- a/.github/workflows/code-lint.yml
+++ b/.github/workflows/code-lint.yml
@@ -6,6 +6,9 @@ on:
 pull_request:
 branches: [ "main" ]
 
+permissions:
+ contents: read
+
 jobs:
 code-lint:
 runs-on: ubuntu-latest