From 2cde9db796c6773f911a78c5d9e9f354d6cebb4d Mon Sep 17 00:00:00 2001 From: Adnan Khan Date: Tue, 21 Oct 2025 14:28:44 -0400 Subject: [PATCH 1/3] ci: scope down permissions for colab.yml --- .github/workflows/colab.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/colab.yml b/.github/workflows/colab.yml index caf3f2d..27c0d7f 100644 --- a/.github/workflows/colab.yml +++ b/.github/workflows/colab.yml @@ -6,6 +6,9 @@ on: - cron: '0 9 * * 1' workflow_dispatch: +permissions: + contents: write + jobs: sync: runs-on: ubuntu-latest From 5f01ab64352a0d176cf83113994e7d404efd392e Mon Sep 17 00:00:00 2001 From: Adnan Khan Date: Tue, 21 Oct 2025 14:28:46 -0400 Subject: [PATCH 2/3] ci: scope down permissions for canary_d2l.yml --- .github/workflows/canary_d2l.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/canary_d2l.yml b/.github/workflows/canary_d2l.yml index 68aea26..d2c8d9d 100644 --- a/.github/workflows/canary_d2l.yml +++ b/.github/workflows/canary_d2l.yml @@ -6,6 +6,9 @@ on: - cron: '0 9 * * *' workflow_dispatch: +permissions: + contents: read + jobs: canary-test: runs-on: ${{ matrix.os }} From 82657cd3402109636ac545e394387beb5149e676 Mon Sep 17 00:00:00 2001 From: Adnan Khan Date: Tue, 21 Oct 2025 14:28:47 -0400 Subject: [PATCH 3/3] ci: scope down permissions for pr_notebook.yml --- .github/workflows/pr_notebook.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/pr_notebook.yml b/.github/workflows/pr_notebook.yml index 1cdabda..8245370 100644 --- a/.github/workflows/pr_notebook.yml +++ b/.github/workflows/pr_notebook.yml @@ -10,6 +10,9 @@ on: - "**.css" workflow_dispatch: +permissions: + contents: read + jobs: build: runs-on: ubuntu-latest