diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index f611a8f..e43e85b 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -16,11 +16,15 @@ jobs: name: Lint JavaScript/TypeScript uses: ./.github/workflows/lint-js.yml secrets: inherit + permissions: + contents: read lint-rust: name: Lint Rust uses: ./.github/workflows/lint-rs.yml secrets: inherit + permissions: + contents: read security-scan: name: Security Vulnerability Scan diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 86f11b0..9823a56 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -31,11 +31,15 @@ jobs: name: Lint JavaScript/TypeScript uses: ./.github/workflows/lint-js.yml secrets: inherit + permissions: + contents: read lint-rust: name: Lint Rust uses: ./.github/workflows/lint-rs.yml secrets: inherit + permissions: + contents: read codeql: name: CodeQL @@ -51,6 +55,8 @@ jobs: name: Spell Check uses: ./.github/workflows/spellcheck.yml secrets: inherit + permissions: + contents: read release: needs: [security-scan, lint-js, lint-rust, codeql, spellcheck] diff --git a/.github/workflows/rolling-release.yml b/.github/workflows/rolling-release.yml index 4398c89..3797afd 100644 --- a/.github/workflows/rolling-release.yml +++ b/.github/workflows/rolling-release.yml @@ -30,11 +30,15 @@ jobs: name: Lint JavaScript/TypeScript uses: ./.github/workflows/lint-js.yml secrets: inherit + permissions: + contents: read lint-rust: name: Lint Rust uses: ./.github/workflows/lint-rs.yml secrets: inherit + permissions: + contents: read codeql: name: CodeQL @@ -50,6 +54,8 @@ jobs: name: Spell Check uses: ./.github/workflows/spellcheck.yml secrets: inherit + permissions: + contents: read rolling-release: needs: [security-scan, lint-js, lint-rust, codeql, spellcheck]