From 8105a59c4efd41f24d4045341f9fcb673d5bb4cc Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 13:37:02 -0400
Subject: [PATCH 1/5] ci: scope down permissions for release.yml

---
 .github/workflows/release.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e32dd29..4b6fe83 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,6 +8,9 @@ on:
 type: string
 env:
 NEW_VERSION: ${{ github.event.inputs.release_tag }}
+permissions:
+ contents: write
+
 jobs:
 release:
 runs-on: ubuntu-latest
From 091f93a8eb308c29f051abf6c53aa7ffc215878e Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 13:37:04 -0400
Subject: [PATCH 2/5] ci: scope down permissions for test.yml

---
 .github/workflows/test.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 9e8ef04..aa3eb4c 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -6,6 +6,9 @@ on:
 pull_request:
 branches: [ "main" ]
 
+permissions:
+ contents: read
+
 jobs:
 code-test:
 runs-on: ubuntu-latest
From 5c0a0a8ae9186a1c45f0502ae498d889c1e544e0 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 13:37:06 -0400
Subject: [PATCH 3/5] ci: scope down permissions for code-lint.yml

---
 .github/workflows/code-lint.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/code-lint.yml b/.github/workflows/code-lint.yml
index 9dbbe59..58783e8 100644
--- a/.github/workflows/code-lint.yml
+++ b/.github/workflows/code-lint.yml
@@ -6,6 +6,9 @@ on:
 pull_request:
 branches: [ "main" ]
 
+permissions:
+ contents: read
+
 jobs:
 code-lint:
 runs-on: ubuntu-latest
From 4c0731f1cc73dec04adfa8a0cec40f7dd17dca25 Mon Sep 17 00:00:00 2001
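Review bot: The `contents: write` grant in release.yml sits at workflow level, so every job in the file receives a write-capable GITHUB_TOKEN, not only the one that publishes. Only the first lines of `release` are visible and the jobs block continues outside the hunk, so whether other jobs exist cannot be told from here; either way the narrower form is a top-level `permissions: {}` with `permissions:` / `contents: write` declared under `jobs.release`. Because declaring any scope sets every unlisted scope to `none`, please confirm that no step in the release job depends on another scope (for example `packages` or `id-token`).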
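Review bot: The new `contents: read` block in test.yml carries no comment explaining it, and the same holds for the identical blocks added to code-lint.yml, title-lint.yml and build.yml. Declaring one scope drops every unlisted scope to `none`, which is the intent here, but a later step that posts check annotations or PR comments will then fail with a permission error that is hard to trace back to this block. I would add `# Least privilege: GITHUB_TOKEN is read-only; grant extra scopes per job if a step needs them` above `permissions:` in each file. The job bodies are outside these hunks, so it is worth confirming in particular that the title-lint step does not read the pull request through the API, which may need `pull-requests: read`.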
From: Adnan Khan
Date: Tue, 21 Oct 2025 13:37:08 -0400
Subject: [PATCH 4/5] ci: scope down permissions for title-lint.yml

---
 .github/workflows/title-lint.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/title-lint.yml b/.github/workflows/title-lint.yml
index b81c5ca..9cba2b9 100644
--- a/.github/workflows/title-lint.yml
+++ b/.github/workflows/title-lint.yml
@@ -4,6 +4,9 @@ on:
 pull_request:
 branches: [ "main" ]
 
+permissions:
+ contents: read
+
 jobs:
 title-lint:
 runs-on: ubuntu-latest
From f72fa8c6135a8fa3fba14d5dc3e08829d217ca92 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 13:37:10 -0400
Subject: [PATCH 5/5] ci: scope down permissions for build.yml

---
 .github/workflows/build.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ffe7075..813dede 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -6,6 +6,9 @@ on:
 pull_request:
 branches: [ "main" ]
 
+permissions:
+ contents: read
+
 jobs:
 code-build:
 runs-on: ubuntu-latest