diff --git a/.github/workflows/bundled_gems.yml b/.github/workflows/bundled_gems.yml index 6c9b0aa..b710b25 100644 --- a/.github/workflows/bundled_gems.yml +++ b/.github/workflows/bundled_gems.yml @@ -4,6 +4,9 @@ on: schedule: - cron: '15 7 * * *' +permissions: + contents: read + jobs: Update-bundled_gems: diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 33623b2..a31ec14 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -6,6 +6,9 @@ on: types: "coverage" workflow_dispatch: +permissions: + contents: read + jobs: latest: runs-on: ubuntu-latest diff --git a/.github/workflows/doxygen.yml b/.github/workflows/doxygen.yml index f646e91..8a7bc23 100644 --- a/.github/workflows/doxygen.yml +++ b/.github/workflows/doxygen.yml @@ -6,6 +6,9 @@ on: types: "doxygen" workflow_dispatch: +permissions: + contents: read + jobs: latest: runs-on: ubuntu-latest diff --git a/.github/workflows/remove-tmp-package.yml b/.github/workflows/remove-tmp-package.yml index 398005d..26de547 100644 --- a/.github/workflows/remove-tmp-package.yml +++ b/.github/workflows/remove-tmp-package.yml @@ -11,6 +11,9 @@ on: required: true default: 3.0.0-preview1-draft +permissions: + contents: read + jobs: remove: runs-on: ubuntu-latest diff --git a/.github/workflows/snapshot-master.yml b/.github/workflows/snapshot-master.yml index f5bcab0..798e9ea 100644 --- a/.github/workflows/snapshot-master.yml +++ b/.github/workflows/snapshot-master.yml @@ -16,6 +16,9 @@ on: env: TEST_BUNDLED_GEMS_ALLOW_FAILURES: "power_assert" +permissions: + contents: read + jobs: make-snapshot: runs-on: ubuntu-latest diff --git a/.github/workflows/snapshot-ruby_3_3.yml b/.github/workflows/snapshot-ruby_3_3.yml index b31aec4..ae16d4f 100644 --- a/.github/workflows/snapshot-ruby_3_3.yml +++ b/.github/workflows/snapshot-ruby_3_3.yml @@ -16,6 +16,9 @@ on: env: TEST_BUNDLED_GEMS_ALLOW_FAILURES: "" +permissions: + contents: read + jobs: make-snapshot: runs-on: ubuntu-latest diff --git a/.github/workflows/snapshot-ruby_3_4.yml b/.github/workflows/snapshot-ruby_3_4.yml index 4b96490..6cbc621 100644 --- a/.github/workflows/snapshot-ruby_3_4.yml +++ b/.github/workflows/snapshot-ruby_3_4.yml @@ -16,6 +16,9 @@ on: env: TEST_BUNDLED_GEMS_ALLOW_FAILURES: "" +permissions: + contents: read + jobs: make-snapshot: runs-on: ubuntu-latest diff --git a/.github/workflows/snapshot-ruby_4_0.yml b/.github/workflows/snapshot-ruby_4_0.yml index 435f910..7bfb789 100644 --- a/.github/workflows/snapshot-ruby_4_0.yml +++ b/.github/workflows/snapshot-ruby_4_0.yml @@ -16,6 +16,9 @@ on: env: TEST_BUNDLED_GEMS_ALLOW_FAILURES: "power_assert" +permissions: + contents: read + jobs: make-snapshot: runs-on: ubuntu-latest diff --git a/.github/workflows/test_ruby_versions.yml b/.github/workflows/test_ruby_versions.yml index 242c667..4c9745d 100644 --- a/.github/workflows/test_ruby_versions.yml +++ b/.github/workflows/test_ruby_versions.yml @@ -10,6 +10,9 @@ on: - '.github/workflows/ruby_versions.yml' - '.github/workflows/test_ruby_versions.yml' +permissions: + contents: read + jobs: call_defaults: uses: ./.github/workflows/ruby_versions.yml diff --git a/.github/workflows/update_ci_versions.yml b/.github/workflows/update_ci_versions.yml index 3a97c7a..3cc8bc5 100644 --- a/.github/workflows/update_ci_versions.yml +++ b/.github/workflows/update_ci_versions.yml @@ -6,6 +6,9 @@ on: repository_dispatch: types: "update_ci_versions" +permissions: + contents: read + jobs: update_ci_versions: runs-on: ubuntu-latest diff --git a/.github/workflows/update_index.yml b/.github/workflows/update_index.yml index e37413f..b51459f 100644 --- a/.github/workflows/update_index.yml +++ b/.github/workflows/update_index.yml @@ -7,6 +7,9 @@ on: types: "update_index" workflow_dispatch: +permissions: + contents: read + jobs: update_index: runs-on: ubuntu-latest