Tighten GITHUB_TOKEN permissions (#2001)

2024-11-22 10:18:33 +00:00
parent bba1fa6d46
commit 1b8ee30693
19 changed files with 38 additions and 0 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -11,9 +11,13 @@ on:
                    - rc
                    - final
 concurrency: ${{ github.workflow }}
+permissions: {}
 jobs:
    release:
        uses: matrix-org/matrix-js-sdk/.github/workflows/release-make.yml@develop
+        permissions:
+            contents: write
+            issues: write
        secrets:
            ELEMENT_BOT_TOKEN: ${{ secrets.ELEMENT_BOT_TOKEN }}
            GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
@@ -27,6 +31,8 @@ jobs:
        name: Post release checks
        needs: release
        runs-on: ubuntu-24.04
+        permissions:
+            checks: read
        steps:
            - name: Wait for desktop packaging
              uses: t3chguy/wait-on-check-action@18541021811b56544d90e0f073401c2b99e249d6 # fork