From 4f4586d602d31fbc4a1aa5d43712f39a641421f5 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 17:40:13 -0400
Subject: [PATCH 1/3] ci: scope down permissions for release.yaml
---
 .github/workflows/release.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 339f69ee..71635f52 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -7,6 +7,10 @@ env:
 GITHUB_USERNAME: ${{ secrets.EKS_BOT_GITHUB_USERNAME }}
 GITHUB_TOKEN: ${{ secrets.EKS_BOT_GITHUB_TOKEN }}
+permissions:
+ contents: write
+ pull-requests: write
+
 jobs:
 release:
From 8e9a03ddb4c382e481cbc55204ee06379aba7d5b Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 17:40:15 -0400
Subject: [PATCH 2/3] ci: scope down permissions for unit-test.yml
---
 .github/workflows/unit-test.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml
index c21cfb5b..a438284d 100644
--- a/.github/workflows/unit-test.yml
+++ b/.github/workflows/unit-test.yml
@@ -7,6 +7,9 @@ on:
 branches:
 - master
+permissions:
+ contents: read
+
 jobs:
 build:
 name: unit-test
From 9b8a20a07fa8d21febce37e53f9a5272049c5522 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 17:40:16 -0400
Subject: [PATCH 3/3] ci: scope down permissions for build.yml
---
 .github/workflows/build.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index d56fb761..9db523d2 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -7,6 +7,9 @@ on:
 branches:
 - master
+permissions:
+ contents: read
+
 jobs:
 build:
 name: build
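Review bot: In release.yaml the new top-level `permissions:` block only scopes the automatic token (`github.token`), while the `env` entries shown in the context lines set `GITHUB_TOKEN` to `secrets.EKS_BOT_GITHUB_TOKEN`, so any step that reads `GITHUB_TOKEN` from the environment keeps whatever scopes the bot credential has. If the release steps push and open pull requests with the bot token, the automatic token may need no more than `contents: read`; if they do use the automatic token, the write grants are better placed under `jobs.release.permissions` so that jobs added later do not inherit them. The job body is outside the hunk, so which token each step uses should be confirmed before choosing. A comment above the block would record the decision, e.g. `# Scopes the automatic token only; the bot token set in env is not limited by this block`.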
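Review bot: In unit-test.yml, and identically in build.yml, the new block lists only `contents: read`, which sets every unlisted scope to `none` for all jobs in the file, and nothing in the file records that this is deliberate. A short comment above it, e.g. `# Least privilege: a job needing more must request it under jobs.<job_id>.permissions`, would keep a later change from widening the workflow-level block when a single step needs one extra scope. The trigger section and the job steps are outside both hunks, so whether any existing step relied on a broader default token (for example to post statuses or comments) could not be checked here.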