This should wipe out action related security flags

2025-12-31 18:17:29 +01:00 · 2025-12-27 19:09:27 -05:00
parent 48e4f8da2a
commit b8910f1b21
5 changed files with 29 additions and 1 deletions
--- a/.github/workflows/e2e-partial.yaml
+++ b/.github/workflows/e2e-partial.yaml
@@ -1,5 +1,11 @@
 name: E2E (Playwright)

+permissions:
+  contents: read
+  actions: read
+  checks: write
+  pull-requests: write
+
 on:
  workflow_call:

--- a/.github/workflows/issue-gatekeeper.yml
+++ b/.github/workflows/issue-gatekeeper.yml
@@ -1,4 +1,8 @@
 name: Issue Gatekeeper
+
+permissions:
+  issues: write
+
 on:
  issues:
    types: [ opened ]
@@ -8,7 +12,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Verify Internal Template Use
-        uses: actions/github-script@v7
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
        with:
          script: |
            const { owner, repo } = context.repo;
--- a/.github/workflows/partial-backend.yaml
+++ b/.github/workflows/partial-backend.yaml
@@ -1,5 +1,11 @@
 name: Go Build/Test

+permissions:
+  contents: read
+  actions: read
+  checks: write
+  pull-requests: write
+
 on:
  workflow_call:

--- a/.github/workflows/partial-frontend.yaml
+++ b/.github/workflows/partial-frontend.yaml
@@ -1,5 +1,11 @@
 name: Frontend

+permissions:
+  contents: read
+  actions: read
+  checks: write
+  pull-requests: write
+
 on:
  workflow_call:

--- a/.github/workflows/pull-requests.yaml
+++ b/.github/workflows/pull-requests.yaml
@@ -1,5 +1,11 @@
 name: Pull Request CI

+permissions:
+  contents: read
+  actions: read
+  checks: write
+  pull-requests: write
+
 on:
  pull_request:
    branches: