security: add permissions block to workflows (#3531)

reakaleek · web-flow · commit f45c74616f0c · 2024-03-12T10:02:33.000+01:00
diff --git a/.github/workflows/addToProject.yml b/.github/workflows/addToProject.yml
@@ -3,6 +3,9 @@ on:
   issues:
     types:
       - opened, milestoned
+permissions:
+  contents: read
+
 jobs:
   add_to_project:
     if: github.event.issue && github.event.issue.milestone
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
@@ -5,6 +5,11 @@ on:
   pull_request_target:
     types: [opened]
 
+permissions:
+  contents: read
+  issues: write
+  pull-requests: write
+
 jobs:
   triage:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml
@@ -12,6 +12,9 @@ on:
         default: false
         type: boolean
 
+permissions:
+  contents: read
+
 jobs:
   deploy:
     name: Deploy
diff --git a/.github/workflows/test-reporter.yml b/.github/workflows/test-reporter.yml
@@ -8,6 +8,11 @@ on:
     types:
       - completed
 
+permissions:
+  contents: read
+  actions: read
+  checks: write
+
 jobs:
   report:
     runs-on: ubuntu-latest
