Merge pull request #136 from teaxyz/clean-perms

mxcl · web-flow · commit 73d1d42c949e · 2023-02-05T09:25:18.000-05:00
reduce GHA permissions
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -3,6 +3,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+
 jobs:
   smoke:
     runs-on: ubuntu-latest
@@ -37,6 +40,9 @@ jobs:
     secrets: inherit
 
   put:
+    permissions:
+      contents: write
+      deployments: write
     needs: [ci1, ci2, smoke]
     runs-on: ubuntu-latest
     steps:
diff --git a/.github/workflows/ci-pre-reqs.yml b/.github/workflows/ci-pre-reqs.yml
@@ -9,6 +9,9 @@ concurrency:
   group: ${{ github.ref }}/2
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   pre-reqs:
     continue-on-error: true
diff --git a/.github/workflows/vx-tagger.yml b/.github/workflows/vx-tagger.yml
@@ -4,6 +4,8 @@ on:
 concurrency:
   group: ${{ github.ref }}
   cancel-in-progress: true
+permissions:
+  contents: write
 jobs:
   retag:
     runs-on: ubuntu-latest
