[GitHub] Add minimum GitHub token permissions for workflows

Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
2022-08-31 15:50:47 -07:00 · 2022-08-31 15:50:47 -07:00 · 7a3372fc3f
parent 4ed914e6f9
commit 7a3372fc3f
2 changed files with 9 additions and 0 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -9,6 +9,9 @@ on:
  schedule:
    - cron: '22 1 * * 2'

+permissions:
+  contents: read
+
 jobs:
  analyze:
    name: Analyze
--- a/.github/workflows/stale-action.yml
+++ b/.github/workflows/stale-action.yml
@ -3,8 +3,14 @@ on:
  schedule:
    - cron: "0 0 * * *"

+permissions:
+  contents: read
+
 jobs:
  stale:
+    permissions:
+      issues: write  # for actions/stale to close stale issues
+      pull-requests: write  # for actions/stale to close stale PRs
    runs-on: ubuntu-latest
    steps:
      - uses: actions/stale@v4