diff --git a/.github/workflows/build-test.yaml b/.github/workflows/build-test.yaml
index 0140f3ae0..479e61295 100644
--- a/.github/workflows/build-test.yaml
+++ b/.github/workflows/build-test.yaml
@@ -3,6 +3,9 @@ name: build/test rabbitmq-dotnet-client
 on:
 - workflow_call
+permissions:
+ contents: read
+
 jobs:
 build-win32:
 runs-on: windows-latest
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 873dc453d..7a4516eef 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -19,6 +19,9 @@ on:
 schedule:
 - cron: '16 4 * * 4'
+permissions:
+ contents: read
+
 jobs:
 analyze:
 name: Analyze
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
index bd8de1d33..714590a07 100644
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -10,6 +10,9 @@ on:
 - main
 - 'rabbitmq-dotnet-client-*'
+permissions:
+ contents: read
+
 jobs:
 call-build-test:
 uses: ./.github/workflows/build-test.yaml
diff --git a/.github/workflows/oauth2.yaml b/.github/workflows/oauth2.yaml
index 885dd1f53..638283cf7 100644
--- a/.github/workflows/oauth2.yaml
+++ b/.github/workflows/oauth2.yaml
@@ -6,6 +6,9 @@ on:
 pull_request:
 branches: [ main ]
+permissions:
+ contents: read
+
 jobs:
 build-test:
 strategy:
diff --git a/.github/workflows/publish-nuget.yaml b/.github/workflows/publish-nuget.yaml
index 6ecc9180f..be8328dc4 100644
--- a/.github/workflows/publish-nuget.yaml
+++ b/.github/workflows/publish-nuget.yaml
@@ -6,6 +6,9 @@ on:
 NUGET_API_KEY:
 required: true
+permissions:
+ contents: read
+
 jobs:
 publish-nuget:
 runs-on: windows-latest
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index c01e5451a..2161d1599 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
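Review bot: In codeql.yml the new workflow-level `permissions: contents: read` leaves every other GITHUB_TOKEN scope at `none`, while the CodeQL analysis step needs `security-events: write` to upload its results. The `analyze` job body continues outside the hunk, so confirm it carries its own job-level block, i.e. `permissions:` with `contents: read` and `security-events: write` (plus `actions: read` on a private repository). A job-level block replaces the workflow-level one for that job, so the narrow default added here can stay. Without it, the upload would presumably fail with a permissions error on the next scheduled run.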
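Review bot: In publish-nuget.yaml the added block narrows only the GITHUB_TOKEN; the `NUGET_API_KEY` secret declared just above it is not covered by `permissions` and remains the more valuable credential in this workflow. A comment above the block would stop readers from assuming otherwise, e.g. `# Limits GITHUB_TOKEN only; NUGET_API_KEY is not covered by this block`. The `publish-nuget` job continues outside the hunk, so it cannot be checked here whether the key is exposed to the single push step (step-level `env`) rather than to the whole job.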
@@ -6,6 +6,9 @@ on:
 # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release
 - published
+permissions:
+ contents: read
+
 jobs:
 call-build-test:
 uses: ./.github/workflows/build-test.yaml
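Review bot: publish.yaml calls reusable workflows (`uses: ./.github/workflows/build-test.yaml` is visible; the remaining jobs are outside the hunk), and a caller's token permissions are a ceiling for what it calls: a called job can drop below `contents: read` but never exceed it. If a release job ever needs to attach assets to the release or request an OIDC token, the grant has to go on the calling job in this file, e.g. a job-level `permissions:` with `contents: write` on that job only, not in the called file. A short comment such as `# Ceiling for called workflows; raise per job, not here` would record that, and the same applies to the identical block in main.yaml.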