diff --git a/.github/workflows/check-general-formatting-task.yml b/.github/workflows/check-general-formatting-task.yml
index 9a2d420..185ed32 100644
--- a/.github/workflows/check-general-formatting-task.yml
+++ b/.github/workflows/check-general-formatting-task.yml
@@ -15,6 +15,7 @@ on:
jobs:
run-determination:
runs-on: ubuntu-latest
+ permissions: {}
outputs:
result: ${{ steps.determination.outputs.result }}
steps:
@@ -40,6 +41,8 @@ jobs:
needs: run-determination
if: needs.run-determination.outputs.result == 'true'
runs-on: ubuntu-latest
+ permissions:
+ contents: read
steps:
- name: Set environment variables
diff --git a/.github/workflows/check-go-dependencies-task.yml b/.github/workflows/check-go-dependencies-task.yml
index 0088c4e..34a8e01 100644
--- a/.github/workflows/check-go-dependencies-task.yml
+++ b/.github/workflows/check-go-dependencies-task.yml
@@ -37,6 +37,7 @@ on:
jobs:
run-determination:
runs-on: ubuntu-latest
+ permissions: {}
outputs:
result: ${{ steps.determination.outputs.result }}
steps:
@@ -62,6 +63,8 @@ jobs:
needs: run-determination
if: needs.run-determination.outputs.result == 'true'
runs-on: ubuntu-latest
+ permissions:
+ contents: read
steps:
- name: Checkout repository
@@ -119,6 +122,8 @@ jobs:
needs: run-determination
if: needs.run-determination.outputs.result == 'true'
runs-on: ubuntu-latest
+ permissions:
+ contents: read
steps:
- name: Checkout repository
diff --git a/.github/workflows/check-go-task.yml b/.github/workflows/check-go-task.yml
index 4a03eaf..91c5363 100644
--- a/.github/workflows/check-go-task.yml
+++ b/.github/workflows/check-go-task.yml
@@ -31,6 +31,7 @@ on:
jobs:
run-determination:
runs-on: ubuntu-latest
+ permissions: {}
outputs:
result: ${{ steps.determination.outputs.result }}
steps:
@@ -57,6 +58,8 @@ jobs:
needs: run-determination
if: needs.run-determination.outputs.result == 'true'
runs-on: ubuntu-latest
+ permissions:
+ contents: read
strategy:
fail-fast: false
@@ -90,6 +93,8 @@ jobs:
needs: run-determination
if: needs.run-determination.outputs.result == 'true'
runs-on: ubuntu-latest
+ permissions:
+ contents: read
strategy:
fail-fast: false
@@ -126,6 +131,8 @@ jobs:
needs: run-determination
if: needs.run-determination.outputs.result == 'true'
runs-on: ubuntu-latest
+ permissions:
+ contents: read
strategy:
fail-fast: false
@@ -162,6 +169,8 @@ jobs:
needs: run-determination
if: needs.run-determination.outputs.result == 'true'
runs-on: ubuntu-latest
+ permissions:
+ contents: read
strategy:
fail-fast: false
@@ -198,6 +207,8 @@ jobs:
needs: run-determination
if: needs.run-determination.outputs.result == 'true'
runs-on: ubuntu-latest
+ permissions:
+ contents: read
strategy:
fail-fast: false
diff --git a/.github/workflows/check-license.yml b/.github/workflows/check-license.yml
index 39f738d..a33e8e2 100644
--- a/.github/workflows/check-license.yml
+++ b/.github/workflows/check-license.yml
@@ -35,6 +35,7 @@ on:
jobs:
run-determination:
runs-on: ubuntu-latest
+ permissions: {}
outputs:
result: ${{ steps.determination.outputs.result }}
steps:
@@ -60,6 +61,8 @@ jobs:
needs: run-determination
if: needs.run-determination.outputs.result == 'true'
runs-on: ubuntu-latest
+ permissions:
+ contents: read
steps:
- name: Checkout repository
diff --git a/.github/workflows/check-markdown-task.yml b/.github/workflows/check-markdown-task.yml
index c8f3ee3..9493920 100644
--- a/.github/workflows/check-markdown-task.yml
+++ b/.github/workflows/check-markdown-task.yml
@@ -39,6 +39,7 @@ on:
jobs:
run-determination:
runs-on: ubuntu-latest
+ permissions: {}
outputs:
result: ${{ steps.determination.outputs.result }}
steps:
@@ -64,6 +65,8 @@ jobs:
needs: run-determination
if: needs.run-determination.outputs.result == 'true'
runs-on: ubuntu-latest
+ permissions:
+ contents: read
steps:
- name: Checkout repository
@@ -90,6 +93,8 @@ jobs:
needs: run-determination
if: needs.run-determination.outputs.result == 'true'
runs-on: ubuntu-latest
+ permissions:
+ contents: read
steps:
- name: Checkout repository
diff --git a/.github/workflows/check-npm-task.yml b/.github/workflows/check-npm-task.yml
index ee41352..ca41257 100644
--- a/.github/workflows/check-npm-task.yml
+++ b/.github/workflows/check-npm-task.yml
@@ -24,12 +24,10 @@ on:
workflow_dispatch:
repository_dispatch:
-permissions:
- contents: read
-
jobs:
run-determination:
runs-on: ubuntu-latest
+ permissions: {}
outputs:
result: ${{ steps.determination.outputs.result }}
steps:
@@ -56,6 +54,8 @@ jobs:
needs: run-determination
if: needs.run-determination.outputs.result == 'true'
runs-on: ubuntu-latest
+ permissions:
+ contents: read
strategy:
fail-fast: false
@@ -90,6 +90,8 @@ jobs:
needs: run-determination
if: needs.run-determination.outputs.result == 'true'
runs-on: ubuntu-latest
+ permissions:
+ contents: read
strategy:
fail-fast: false
diff --git a/.github/workflows/check-prettier-formatting-task.yml b/.github/workflows/check-prettier-formatting-task.yml
index 2abad99..f74f831 100644
--- a/.github/workflows/check-prettier-formatting-task.yml
+++ b/.github/workflows/check-prettier-formatting-task.yml
@@ -233,6 +233,8 @@ jobs:
needs: run-determination
if: needs.run-determination.outputs.result == 'true'
runs-on: ubuntu-latest
+ permissions:
+ contents: read
steps:
- name: Checkout repository
diff --git a/.github/workflows/check-taskfiles.yml b/.github/workflows/check-taskfiles.yml
index 752ca4d..70b9b59 100644
--- a/.github/workflows/check-taskfiles.yml
+++ b/.github/workflows/check-taskfiles.yml
@@ -29,6 +29,7 @@ on:
jobs:
run-determination:
runs-on: ubuntu-latest
+ permissions: {}
outputs:
result: ${{ steps.determination.outputs.result }}
steps:
@@ -55,6 +56,8 @@ jobs:
needs: run-determination
if: needs.run-determination.outputs.result == 'true'
runs-on: ubuntu-latest
+ permissions:
+ contents: read
strategy:
fail-fast: false
diff --git a/.github/workflows/check-workflows-task.yml b/.github/workflows/check-workflows-task.yml
index 32d75ac..714380a 100644
--- a/.github/workflows/check-workflows-task.yml
+++ b/.github/workflows/check-workflows-task.yml
@@ -26,6 +26,8 @@ on:
jobs:
validate:
runs-on: ubuntu-latest
+ permissions:
+ contents: read
steps:
- name: Checkout repository
diff --git a/.github/workflows/check-yaml-task.yml b/.github/workflows/check-yaml-task.yml
index 5194fbf..9bd15ad 100644
--- a/.github/workflows/check-yaml-task.yml
+++ b/.github/workflows/check-yaml-task.yml
@@ -49,6 +49,7 @@ on:
jobs:
run-determination:
runs-on: ubuntu-latest
+ permissions: {}
outputs:
result: ${{ steps.determination.outputs.result }}
steps:
@@ -75,6 +76,8 @@ jobs:
needs: run-determination
if: needs.run-determination.outputs.result == 'true'
runs-on: ubuntu-latest
+ permissions:
+ contents: read
strategy:
fail-fast: false
diff --git a/.github/workflows/release-go-crosscompile-task.yml b/.github/workflows/release-go-crosscompile-task.yml
index 78dd996..c355b5c 100644
--- a/.github/workflows/release-go-crosscompile-task.yml
+++ b/.github/workflows/release-go-crosscompile-task.yml
@@ -20,6 +20,8 @@ on:
jobs:
create-release-artifacts:
runs-on: ubuntu-latest
+ permissions:
+ contents: read
strategy:
matrix:
@@ -87,6 +89,8 @@ jobs:
outputs:
checksum-darwin_amd64: ${{ steps.re-package.outputs.checksum-darwin_amd64 }}
checksum-darwin_arm64: ${{ steps.re-package.outputs.checksum-darwin_arm64 }}
+ permissions:
+ contents: read
env:
GON_CONFIG_PATH: gon.config.hcl
@@ -198,6 +202,8 @@ jobs:
create-release:
runs-on: ubuntu-latest
needs: notarize-macos
+ permissions:
+ contents: write
steps:
- name: Download artifact
diff --git a/.github/workflows/spell-check-task.yml b/.github/workflows/spell-check-task.yml
index 7e08739..e00c308 100644
--- a/.github/workflows/spell-check-task.yml
+++ b/.github/workflows/spell-check-task.yml
@@ -45,6 +45,8 @@ jobs:
needs: run-determination
if: needs.run-determination.outputs.result == 'true'
runs-on: ubuntu-latest
+ permissions:
+ contents: read
steps:
- name: Checkout repository
diff --git a/.github/workflows/sync-labels-npm.yml b/.github/workflows/sync-labels-npm.yml
index 88c6956..8369ea4 100644
--- a/.github/workflows/sync-labels-npm.yml
+++ b/.github/workflows/sync-labels-npm.yml
@@ -30,6 +30,8 @@ on:
jobs:
check:
runs-on: ubuntu-latest
+ permissions:
+ contents: read
steps:
- name: Checkout repository
@@ -65,6 +67,7 @@ jobs:
download:
needs: check
runs-on: ubuntu-latest
+ permissions: {}
strategy:
matrix:
@@ -92,6 +95,9 @@ jobs:
sync:
needs: download
runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ issues: write
steps:
- name: Set environment variables