From f0a4acff18bd16bf43765b84f659edbdbb0e1053 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 13:20:49 -0400
Subject: [PATCH 1/3] ci: scope down permissions for release-drafter.yml

---
 .github/workflows/release-drafter.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
index b8b9c68..b2474d5 100644
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -5,6 +5,9 @@ on: branches: - main
+permissions:
+ contents: write
+
 jobs:
 update_release_draft:
 runs-on: ubuntu-latest

From 186721dce9a7385cc45d576f53ef2dc8bc18ecd2 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 13:20:51 -0400
Subject: [PATCH 2/3] ci: scope down permissions for tests.yml

---
 .github/workflows/tests.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index e5dd519..c720a90 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -11,6 +11,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true
+permissions:
+ contents: read
+
 jobs:
 cfn-lint-tests:
 strategy:

From 02e276445925b585058f4d3d8c632daacf81e747 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 13:20:53 -0400
Subject: [PATCH 3/3] ci: scope down permissions for update-docs.yml

---
 .github/workflows/update-docs.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/update-docs.yml b/.github/workflows/update-docs.yml
index f3f341e..6936d9d 100644
--- a/.github/workflows/update-docs.yml
+++ b/.github/workflows/update-docs.yml
@@ -5,6 +5,10 @@ on: branches: - main
+permissions:
+ contents: write
+ pages: write
+
 jobs:
 update_docs:
 runs-on: ubuntu-latest
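Review bot: In release-drafter.yml the new top-level `permissions:` block sets every scope it does not list to `none`, so the job loses `pull-requests` access along with everything else. If the job runs the release-drafter action (the step is outside the hunk), its documentation asks for at least `pull-requests: read`, and `write` when the autolabeler is used; please confirm the draft is still populated and add `pull-requests: read` if it is not. I would also keep the workflow default at `contents: read` and grant `contents: write` under `update_release_draft:` with a comment such as `# write is required to create and update the draft release`, so a job added later does not inherit a write token. The same job-level placement applies to the block added in update-docs.yml.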
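Review bot: In update-docs.yml, `pages: write` on its own does not match either common publishing path, and the steps that decide which one applies are outside the hunk. If the job deploys with `actions/deploy-pages`, that action also needs `id-token: write` and the deploy will fail without it; if it pushes the built site to a branch instead, `contents: write` is enough and `pages: write` can be dropped. A short comment on each scope, e.g. `# contents: write - push generated docs`, would record why the write grants exist.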