From 58f692a0f334d35335e5cda0cc56056ee86e8bfa Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 12 May 2025 11:55:05 +0200 Subject: [PATCH 1/2] chore: GH workflow permissions Signed-off-by: Jan Kowalleck --- .github/workflows/docker.yml | 2 ++ .github/workflows/python.yml | 2 ++ .github/workflows/release.yml | 2 ++ 3 files changed, 6 insertions(+) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 263d85fa2..4b4ee82bc 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -18,6 +18,8 @@ env: PYTHON_VERSION: "3.12" POETRY_VERSION: "1.8.1" +permissions: {} + jobs: test: name: Build and test docker image diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml index 52f776137..3e606d92e 100644 --- a/.github/workflows/python.yml +++ b/.github/workflows/python.yml @@ -41,6 +41,8 @@ env: TESTS_REPORTS_ARTIFACT: tests-reports PIPENV_VENV_IN_PROJECT: 1 +permissions: {} + jobs: coding-standards: name: Linting & Coding Standards diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ee7a4ca53..5f9eef307 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -42,6 +42,8 @@ env: PYTHON_VERSION_DEFAULT: "3.12" POETRY_VERSION: "1.8.1" +permissions: {} + jobs: quicktest: runs-on: ubuntu-latest From 442b98b6abf713295110bf3ad0b63a707072a65b Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 12 May 2025 12:10:28 +0200 Subject: [PATCH 2/2] chore: GH workflow permissions Signed-off-by: Jan Kowalleck --- .github/workflows/release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5f9eef307..9f75599b9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -162,6 +162,8 @@ jobs: needs.release-PyPI.outputs.version && needs.release-PyPI.outputs.tag runs-on: ubuntu-latest + permissions: + packages: write env: VERSION: ${{ needs.release-PyPI.outputs.version }} ARTIFACT_DOCKER_SBOM: 'docker-image-bom'