diff --git a/.github/workflows/action-ci.yml b/.github/workflows/action-ci.yml index 997fc2dc..cf6a4f88 100644 --- a/.github/workflows/action-ci.yml +++ b/.github/workflows/action-ci.yml @@ -8,6 +8,9 @@ on: paths: - "action/**" - "action.yml" +permissions: + contents: read + jobs: run-unit-tests: runs-on: ubuntu-latest diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 13abd23d..4959bd26 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -14,6 +14,9 @@ env: CARGO_TERM_COLOR: always FUZZ_TIME: 420 +permissions: + contents: read + jobs: build: name: Build all crates & run unit tests diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 69b60901..f4895af8 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -14,6 +14,9 @@ on: - .github/workflows/pre-commit.yml - .pre-commit-config.yaml - .pre-commit-hooks.yaml +permissions: + contents: read + jobs: run-unit-tests-and-lint: runs-on: ubuntu-latest diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d1368d6d..e9cdd681 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,6 +5,9 @@ on: env: CARGO_TERM_COLOR: always +permissions: + contents: write + jobs: build: strategy: diff --git a/.github/workflows/security_audit.yml b/.github/workflows/security_audit.yml index e2b8fa05..2dd0b8cf 100644 --- a/.github/workflows/security_audit.yml +++ b/.github/workflows/security_audit.yml @@ -3,6 +3,9 @@ on: schedule: - cron: "0 17 * * *" +permissions: + contents: read + jobs: audit: if: github.repository == 'aws-cloudformation/cloudformation-guard' diff --git a/.github/workflows/typescript_library.yml b/.github/workflows/typescript_library.yml index 3bb75502..75459abb 100644 --- a/.github/workflows/typescript_library.yml +++ b/.github/workflows/typescript_library.yml 
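Review bot: In release.yml `contents: write` is granted at workflow level, so every job in the workflow, starting with the `build` matrix job, gets a GITHUB_TOKEN that can push commits, tags and releases. Only the job that creates the release or uploads assets needs that scope; the jobs below `build:` are outside the hunk, so which one that is cannot be confirmed here. I would keep the workflow default at `contents: read`, as in the other workflows in this commit, and put `permissions:` with `contents: write` under the publishing job only. That way a compromised build dependency or third-party action in the build steps holds a read-only token.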
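Review bot: In security_audit.yml the new top-level `permissions:` block sets every scope it does not list to `none`, so the scheduled `audit` job is left with `contents: read` only. If that job reports findings by opening issues or publishing check runs with GITHUB_TOKEN, those API calls will be rejected and the nightly audit could stop surfacing advisories without anyone noticing. The job's steps are outside the hunk, so this needs confirming. If it does report that way, add the scopes on the job itself, e.g. `issues: write` and `checks: write` under `audit:`, and keep the workflow default at read.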
@@ -6,6 +6,9 @@ on: pull_request: paths: - 'guard/ts-lib/**' +permissions: + contents: read + jobs: run-unit-tests-windows: runs-on: windows-latest