From 6deb33000f68ca207c0f40189a43ae2d379f0bac Mon Sep 17 00:00:00 2001 From: Matthias Mair Date: Thu, 21 Mar 2024 21:32:36 +0100 Subject: [PATCH] set token permissions see https://github.com/inventree/InvenTree/security/code-scanning/48 --- .github/workflows/backport.yml | 3 +++ .github/workflows/check_translations.yaml | 3 +++ .github/workflows/qc_checks.yaml | 2 ++ .github/workflows/release.yml | 3 +++ .github/workflows/translations.yml | 3 +++ 5 files changed, 14 insertions(+) diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index cd97cccf9f..3bc539635f 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -9,6 +9,9 @@ on: pull_request_target: types: [ "labeled", "closed" ] +permissions: + contents: read + jobs: backport: name: Backport PR diff --git a/.github/workflows/check_translations.yaml b/.github/workflows/check_translations.yaml index 315922717a..7e97eba8fa 100644 --- a/.github/workflows/check_translations.yaml +++ b/.github/workflows/check_translations.yaml @@ -11,6 +11,9 @@ on: env: python_version: 3.9 +permissions: + contents: read + jobs: check: diff --git a/.github/workflows/qc_checks.yaml b/.github/workflows/qc_checks.yaml index f826de2875..44c406c505 100644 --- a/.github/workflows/qc_checks.yaml +++ b/.github/workflows/qc_checks.yaml @@ -22,6 +22,8 @@ env: INVENTREE_BACKUP_DIR: ../test_inventree_backup INVENTREE_SITE_URL: http://localhost:8000 +permissions: + contents: read jobs: paths-filter: name: Filter diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 44b616f7c8..3634837acd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,6 +5,9 @@ on: release: types: [ published ] +permissions: + contents: read + jobs: stable: diff --git a/.github/workflows/translations.yml b/.github/workflows/translations.yml index 8389c2af2d..6eb3da2d8d 100644 --- a/.github/workflows/translations.yml +++ b/.github/workflows/translations.yml @@ -9,6 +9,9 @@ env: python_version: 3.9 node_version: 16 +permissions: + contents: read + jobs: build: