update(security): set GH token permissions scopes in CI workflows

Guts · Guts · commit bf9ec9bf7ab0 · 2025-11-07T10:43:28.000+01:00
diff --git a/.github/workflows/docker-test.yml b/.github/workflows/docker-test.yml
@@ -14,6 +14,11 @@ on:
     paths-ignore:
       - "docs/**"
 
+# Sets permissions of the GITHUB_TOKEN
+permissions:
+  contents: read
+
+
 jobs:
   docker-build:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/lint-and-tests.yml b/.github/workflows/lint-and-tests.yml
@@ -15,6 +15,10 @@ on:
     paths-ignore:
       - "docs/**"
 
+# Sets permissions of the GITHUB_TOKEN
+permissions:
+  contents: read
+
 jobs:
   lintest:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/pr-auto-labeler.yml b/.github/workflows/pr-auto-labeler.yml
@@ -2,6 +2,10 @@ name: "🏷 PR Labeler"
 on:
   - pull_request_target
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   triage:
     runs-on: ubuntu-latest
