Set top-level permissions for workflows

Azure · Nov 13, 2024 · f76b6e5 · f76b6e5
1 parent 60c25be
commit f76b6e5
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 4 deletions.
diff --git a/.github/workflows/bicep-build-to-validate.yml b/.github/workflows/bicep-build-to-validate.yml
@@ -11,6 +11,9 @@ on:
       - "**/bicepconfig.json"
   workflow_dispatch: {}
 
+permissions:
+  contents: read
+
 jobs:
   bicep_unit_tests:
     name: Bicep Build & Lint All Modules

diff --git a/.github/workflows/gh-ado-sync.yml b/.github/workflows/gh-ado-sync.yml
@@ -6,6 +6,9 @@ on:
   issue_comment:
     types: [created]
 
+permissions:
+  contents: read
+
 jobs:
   alert:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/release-tests.yml b/.github/workflows/release-tests.yml
@@ -6,6 +6,9 @@ on:
       - main
   workflow_dispatch: {}
 
+permissions:
+  contents: read
+
 jobs:
   release-tests:
     name: Pre-Release Tests

diff --git a/.github/workflows/scheduled-bicep-build.yml b/.github/workflows/scheduled-bicep-build.yml
@@ -1,13 +1,12 @@
 name: Unit Tests - Scheduled Bicep Build
-
-permissions:
-  contents: read
-
 on:
   schedule:
     - cron: "0 8 * * 1-5"
   workflow_dispatch: {}
 
+permissions:
+  contents: read
+
 jobs:
   bicep_unit_tests:
     name: Bicep Build & Lint All Modules