diff --git a/.github/workflows/meet.yml b/.github/workflows/meet.yml index 0d052cbf..b0eac232 100644 --- a/.github/workflows/meet.yml +++ b/.github/workflows/meet.yml @@ -7,11 +7,15 @@ on: pull_request: branches: - "*" +permissions: + contents: read jobs: lint-git: runs-on: ubuntu-latest if: github.event_name == 'pull_request' # Makes sense only for pull requests + permissions: + contents: read steps: - name: Checkout repository uses: actions/checkout@v6 @@ -39,6 +43,8 @@ jobs: if: | contains(github.event.pull_request.labels.*.name, 'noChangeLog') == false && github.event_name == 'pull_request' + permissions: + contents: read steps: - name: Checkout repository uses: actions/checkout@v6 @@ -49,6 +55,8 @@ jobs: lint-changelog: runs-on: ubuntu-latest + permissions: + contents: read steps: - name: Checkout repository uses: actions/checkout@v6 @@ -62,6 +70,8 @@ jobs: build-mails: runs-on: ubuntu-latest + permissions: + contents: read defaults: run: working-directory: src/mail @@ -102,6 +112,8 @@ jobs: lint-back: runs-on: ubuntu-latest + permissions: + contents: read defaults: run: working-directory: src/backend @@ -124,6 +136,8 @@ jobs: lint-agents: runs-on: ubuntu-latest + permissions: + contents: read defaults: run: working-directory: src/agents @@ -144,6 +158,8 @@ jobs: lint-summary: runs-on: ubuntu-latest + permissions: + contents: read defaults: run: working-directory: src/summary @@ -165,7 +181,8 @@ jobs: test-back: runs-on: ubuntu-latest needs: build-mails - + permissions: + contents: read defaults: run: working-directory: src/backend @@ -279,6 +296,8 @@ jobs: lint-front: runs-on: ubuntu-latest + permissions: + contents: read steps: - name: Checkout repository uses: actions/checkout@v6 @@ -294,6 +313,8 @@ jobs: lint-sdk: runs-on: ubuntu-latest + permissions: + contents: read defaults: run: working-directory: src/sdk/library @@ -312,6 +333,8 @@ jobs: build-sdk: runs-on: ubuntu-latest + permissions: + contents: read needs: lint-sdk defaults: run: