Change default permissions for workflows (#5149)

* change default workflow permission to read-all Fixes #5147 * permission: content read-only * remove bad changes
2025-01-12 09:20:15 +00:00 · 2023-03-13 16:18:01 +01:00 · 2023-03-13 16:18:01 +01:00 · 7cefd5f5f8
commit 7cefd5f5f8
parent 44d72a9b36
3 changed files with 8 additions and 1 deletions
--- a/.github/workflows/autoroll.yml
+++ b/.github/workflows/autoroll.yml
@ -1,4 +1,6 @@
 name: Update dependencies
+permissions:
+  contents: read

 on:
  schedule:
@ -7,6 +9,8 @@ on:

 jobs:
  update-dependencies:
+    permissions:
+      contents: write
    name: Update dependencies
    runs-on: ubuntu-latest

@ -38,7 +42,6 @@ jobs:
            echo "changed=true" >> $GITHUB_OUTPUT
          fi
        id: update_dependencies
-     
      - name: Push changes and create PR
        if: steps.update_dependencies.outputs.changed == 'true'
        run: |
--- a/.github/workflows/bazel.yml
+++ b/.github/workflows/bazel.yml
@ -1,4 +1,6 @@
 name: Build and Test with Bazel
+permissions:
+  contents: read

 on:
  push:
--- a/.github/workflows/wasm.yml
+++ b/.github/workflows/wasm.yml
@ -1,4 +1,6 @@
 name: Wasm Build
+permissions:
+  contents: read

 on: [push, pull_request]