refactor(ci): set permissions (#275)

EagleoutIce · web-flow · commit 34bace128518 · 2025-05-02T18:55:57.000+02:00
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -7,6 +7,10 @@ on:
 jobs:
   lint:
     runs-on: ubuntu-latest
+    
+    permissions:
+      contents: read
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
diff --git a/.github/workflows/package.yml b/.github/workflows/package.yml
@@ -5,6 +5,13 @@ on:
 jobs:
   package:
     runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+      packages: write
+      pull-requests: read
+      id-token: write
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -5,6 +5,10 @@ on:
 jobs:
   test:
     name: Test for release
+
+    permissions:
+      contents: read
+
     if: startsWith(github.event.head_commit.message, '[release:minor]') ||
       startsWith(github.event.head_commit.message, '[release:major]') ||
       startsWith(github.event.head_commit.message, '[release:patch]')
@@ -13,6 +17,12 @@ jobs:
   release:
     runs-on: ubuntu-latest
     needs: [test]
+    
+    permissions:
+      contents: write
+      packages: write
+      pull-requests: read
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -8,6 +8,10 @@ on:
 jobs:
   test:
     runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
