From bf20c4f7f366df0c84b8485fbfe065e1d3c0180d Mon Sep 17 00:00:00 2001 From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com> Date: Mon, 15 Jun 2026 22:12:07 +0900 Subject: [PATCH] ci: declare workflow-level `contents: read` on the 9 build/test workflows --- .github/workflows/build.yaml | 3 +++ .github/workflows/check_doc.yaml | 3 +++ .github/workflows/documentation.yaml | 3 +++ .github/workflows/experimental.yaml | 3 +++ .github/workflows/test-gateway-api-conformance.yaml | 3 +++ .github/workflows/test-integration.yaml | 3 +++ .github/workflows/test-knative-conformance.yaml | 3 +++ .github/workflows/test-unit.yaml | 3 +++ .github/workflows/validate.yaml | 3 +++ 9 files changed, 27 insertions(+) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 9e4039888..71ba17b6a 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -12,6 +12,9 @@ on: env: CGO_ENABLED: 0 +permissions: + contents: read + jobs: build-webui: diff --git a/.github/workflows/check_doc.yaml b/.github/workflows/check_doc.yaml index df4c31b6b..4da20deea 100644 --- a/.github/workflows/check_doc.yaml +++ b/.github/workflows/check_doc.yaml @@ -8,6 +8,9 @@ on: - '.github/workflows/check_doc.yaml' - 'docs/**' +permissions: + contents: read + jobs: docs: diff --git a/.github/workflows/documentation.yaml b/.github/workflows/documentation.yaml index 1acae584b..2b6db8395 100644 --- a/.github/workflows/documentation.yaml +++ b/.github/workflows/documentation.yaml @@ -11,6 +11,9 @@ env: STRUCTOR_VERSION: v1.13.2 MIXTUS_VERSION: v0.4.1 +permissions: + contents: read + jobs: docs: diff --git a/.github/workflows/experimental.yaml b/.github/workflows/experimental.yaml index 2ac51f4eb..439b8aa35 100644 --- a/.github/workflows/experimental.yaml +++ b/.github/workflows/experimental.yaml @@ -9,6 +9,9 @@ on: env: CGO_ENABLED: 0 +permissions: + contents: read + jobs: build-webui: diff --git a/.github/workflows/test-gateway-api-conformance.yaml b/.github/workflows/test-gateway-api-conformance.yaml index 110d5538a..ae07b24be 100644 --- a/.github/workflows/test-gateway-api-conformance.yaml +++ b/.github/workflows/test-gateway-api-conformance.yaml @@ -14,6 +14,9 @@ on: env: CGO_ENABLED: 0 +permissions: + contents: read + jobs: test-gateway-api-conformance: diff --git a/.github/workflows/test-integration.yaml b/.github/workflows/test-integration.yaml index 30386f28d..d60367fe2 100644 --- a/.github/workflows/test-integration.yaml +++ b/.github/workflows/test-integration.yaml @@ -12,6 +12,9 @@ on: env: CGO_ENABLED: 0 +permissions: + contents: read + jobs: build: diff --git a/.github/workflows/test-knative-conformance.yaml b/.github/workflows/test-knative-conformance.yaml index ecba548c8..f7b6e2092 100644 --- a/.github/workflows/test-knative-conformance.yaml +++ b/.github/workflows/test-knative-conformance.yaml @@ -14,6 +14,9 @@ on: env: CGO_ENABLED: 0 +permissions: + contents: read + jobs: test-knative-conformance: diff --git a/.github/workflows/test-unit.yaml b/.github/workflows/test-unit.yaml index 0ca142248..52fcc8413 100644 --- a/.github/workflows/test-unit.yaml +++ b/.github/workflows/test-unit.yaml @@ -9,6 +9,9 @@ on: - '**.md' - 'script/gcg/**' +permissions: + contents: read + jobs: generate-packages: name: List Go Packages diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml index eb02754cc..efcc75daf 100644 --- a/.github/workflows/validate.yaml +++ b/.github/workflows/validate.yaml @@ -9,6 +9,9 @@ env: GOLANGCI_LINT_VERSION: v2.10.1 MISSPELL_VERSION: v0.7.0 +permissions: + contents: read + jobs: lint: