From ea481a1182cf867275d9004cd303627a8521d33c Mon Sep 17 00:00:00 2001 From: Adnan Khan Date: Tue, 21 Oct 2025 16:19:15 -0400 Subject: [PATCH 1/3] ci: scope down permissions for release-please.yml Signed-off-by: Adnan Khan --- .github/workflows/release-please.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 636ca19..b7c2163 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -3,6 +3,10 @@ on: branches: - main name: release-please +permissions: + contents: write + pull-requests: write + jobs: release-please: runs-on: ubuntu-latest From 61175c8a8acfecad54a88bbdc8fc7f5f65917480 Mon Sep 17 00:00:00 2001 From: Adnan Khan Date: Tue, 21 Oct 2025 16:19:17 -0400 Subject: [PATCH 2/3] ci: scope down permissions for lint-pr-title.yml Signed-off-by: Adnan Khan --- .github/workflows/lint-pr-title.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/lint-pr-title.yml b/.github/workflows/lint-pr-title.yml index a5f85d7..1bbfc28 100644 --- a/.github/workflows/lint-pr-title.yml +++ b/.github/workflows/lint-pr-title.yml @@ -8,6 +8,10 @@ on: - reopened - synchronize +permissions: + pull-requests: read + contents: read + jobs: main: name: conventional-commit From cdbb2a05723b8dd3d5c52e450b26582839eda9fa Mon Sep 17 00:00:00 2001 From: Adnan Khan Date: Tue, 21 Oct 2025 16:19:19 -0400 Subject: [PATCH 3/3] ci: scope down permissions for ci.yml Signed-off-by: Adnan Khan --- .github/workflows/ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ba577be..30c1c63 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,6 +6,9 @@ on: pull_request: branches: - main +permissions: + contents: read + jobs: go-linter: runs-on: ubuntu-latest