diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5d3da16..4d4f166 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -11,7 +11,9 @@ on:
 required: true
 type: string
 description: "Profiler version to use for the build"
-
+
+permissions: read-all
+
 jobs:
 lint:
 name: Lint
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 4dd8fd7..d4e3104 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -14,6 +14,8 @@ on:
 schedule:
 - cron: '34 1 * * 0'
+permissions: read-all
+
 jobs:
 analyze:
 name: Analyze (Go)
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
index e4785fb..10ccda3 100644
--- a/.github/workflows/govulncheck.yml
+++ b/.github/workflows/govulncheck.yml
@@ -14,6 +14,8 @@ on:
 - cron: '00 00 * * *'
 workflow_dispatch:
+permissions: read-all
+
 jobs:
 govulncheck-tests:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
index 71bcc95..f1229c6 100644
--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -8,6 +8,8 @@ on:
 push:
 branches: [ "main" ]
+permissions: read-all
+
 jobs:
 analysis:
 name: Scorecard analysis
diff --git a/.github/workflows/pre-release.yaml b/.github/workflows/pre-release.yaml
index 969aa48..750191b 100644
--- a/.github/workflows/pre-release.yaml
+++ b/.github/workflows/pre-release.yaml
@@ -7,6 +7,8 @@ on:
 types: [opened, synchronize, reopened, labeled]
 branches: ["**"]
+permissions: read-all
+
 concurrency:
 group: ${{ github.ref }}
 cancel-in-progress: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a014433..c5c3812 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,6 +5,8 @@ on:
 tags:
 - 'v*'
+permissions: read-all
+
 jobs:
 versions:
 name: Determine versions
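Review bot: `permissions: read-all` in build.yml gives the GITHUB_TOKEN read access to every scope, which is more than a lint and build workflow normally needs. Least privilege would be a top-level `permissions:` with only `contents: read` beneath it, plus per-job grants for anything else, so that a compromised step or third-party action cannot read pull-request, issue or package data it has no use for. The same line is added unchanged to govulncheck.yml and the other four workflows in this commit, and the same narrowing applies there. The job bodies are outside every hunk, so the scopes each job actually uses should be confirmed before narrowing.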
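Review bot: With the workflow-level token now read-only, any job that writes needs its own job-level `permissions:` block, and none of the job bodies are visible in these hunks to confirm that. In codeql-analysis.yml the `analyze` job needs `security-events: write` to upload results; the `analysis` job in ossf-scorecard.yml needs the same, plus `id-token: write` if it publishes results. release.yml and pre-release.yaml presumably create releases or artifacts and would then need `contents: write` (or `packages: write`) on the publishing job only. Without those grants the failure appears only at run time as a permission error from the API, and for release.yml not until the next tag push. A short comment next to each grant, such as `# needed to upload SARIF to code scanning`, keeps the reason for the write scope reviewable.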