ci(github): Reducing permissions scope for workflow

ViBiOh · ViBiOh · commit 26176921e2ea · 2022-06-25T10:05:14.000+02:00
Signed-off-by: Vincent Boutour &lt;bob@vibioh.fr&gt;
diff --git a/.github/workflows/branch_clean.yaml b/.github/workflows/branch_clean.yaml
@@ -1,6 +1,18 @@
 ---
 name: Git
 
+permissions:
+  actions: read
+  checks: read
+  contents: read
+  deployments: read
+  issues: read
+  packages: read
+  pages: read
+  pull-requests: read
+  repository-projects: read
+  security-events: read
+
 on:
   - pull_request
 
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -1,6 +1,18 @@
 ---
 name: Build
 
+permissions:
+  actions: read
+  checks: read
+  contents: read
+  deployments: read
+  issues: read
+  packages: read
+  pages: read
+  pull-requests: read
+  repository-projects: read
+  security-events: read
+
 on:
   push:
     branches:
diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml
@@ -1,6 +1,18 @@
 ---
 name: CodeQL
 
+permissions:
+  actions: read
+  checks: read
+  contents: read
+  deployments: read
+  issues: read
+  packages: read
+  pages: read
+  pull-requests: read
+  repository-projects: read
+  security-events: read
+
 on:
   push:
     branches:
diff --git a/.github/workflows/herodote.yaml b/.github/workflows/herodote.yaml
@@ -1,6 +1,18 @@
 ---
 name: Herodote
 
+permissions:
+  actions: read
+  checks: read
+  contents: read
+  deployments: read
+  issues: read
+  packages: read
+  pages: read
+  pull-requests: read
+  repository-projects: read
+  security-events: read
+
 on:
   push:
     branches:
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -1,6 +1,18 @@
 ---
 name: Release
 
+permissions:
+  actions: read
+  checks: read
+  contents: read
+  deployments: read
+  issues: read
+  packages: read/write
+  pages: read
+  pull-requests: read
+  repository-projects: read
+  security-events: read
+
 on:
   release:
     types:
