diff --git a/.github/workflows/build_all_apps.yml b/.github/workflows/build_all_apps.yml
index 47d09d9abe..f9bf574ecb 100644
--- a/.github/workflows/build_all_apps.yml
+++ b/.github/workflows/build_all_apps.yml
@@ -21,6 +21,9 @@ name: Apps
 on: [push, pull_request]
+permissions:
+ contents: read
+
 jobs:
 targets:
 name: Build all apps
diff --git a/.github/workflows/build_blinky.yml b/.github/workflows/build_blinky.yml
index a141cd1532..1728066fb9 100644
--- a/.github/workflows/build_blinky.yml
+++ b/.github/workflows/build_blinky.yml
@@ -21,6 +21,9 @@ name: Blinky
 on: [push, pull_request]
+permissions:
+ contents: read
+
 jobs:
 blinky:
 name: Build blinky
diff --git a/.github/workflows/build_bootloader.yml b/.github/workflows/build_bootloader.yml
index 5a1fea8dbd..cc130020e1 100644
--- a/.github/workflows/build_bootloader.yml
+++ b/.github/workflows/build_bootloader.yml
@@ -21,6 +21,9 @@ name: Bootloader
 on: [push, pull_request]
+permissions:
+ contents: read
+
 jobs:
 bootloader:
 name: Build bootloader
diff --git a/.github/workflows/build_bootloader_main.yml b/.github/workflows/build_bootloader_main.yml
index a4d6257f90..74d1fdb7d1 100644
--- a/.github/workflows/build_bootloader_main.yml
+++ b/.github/workflows/build_bootloader_main.yml
@@ -26,6 +26,9 @@ on:
 schedule:
 - cron: 42 0 * * *
+permissions:
+ contents: read
+
 jobs:
 bootloader:
 name: Build bootloader (main)
diff --git a/.github/workflows/build_cc_target.yml b/.github/workflows/build_cc_target.yml
index eff7ff6748..1bd62d1a35 100644
--- a/.github/workflows/build_cc_target.yml
+++ b/.github/workflows/build_cc_target.yml
@@ -21,6 +21,9 @@ name: GCC target
 on: [push, pull_request]
+permissions:
+ contents: read
+
 jobs:
 targets:
 name: Build GCC test target
diff --git a/.github/workflows/build_targets.yml b/.github/workflows/build_targets.yml
index 4ee19b93aa..6f99650242 100644
--- a/.github/workflows/build_targets.yml
+++ b/.github/workflows/build_targets.yml
@@ -21,6 +21,9 @@ name: Targets
 on: [push, pull_request]
+permissions:
+ contents: read
+
 jobs:
 targets:
 name: Build all test targets
diff --git a/.github/workflows/check_compliance.yml b/.github/workflows/check_compliance.yml
index 8ef9dbab67..d91a0af7ed 100644
--- a/.github/workflows/check_compliance.yml
+++ b/.github/workflows/check_compliance.yml
@@ -23,6 +23,11 @@ on:
 pull_request:
 types: [opened, synchronize, reopened, labeled, unlabeled]
+permissions:
+ contents: read
+ issues: read
+ pull-requests: read
+
 jobs:
 style_check:
diff --git a/.github/workflows/newt_test_all.yml b/.github/workflows/newt_test_all.yml
index c5ef6314d2..0b38456f01 100644
--- a/.github/workflows/newt_test_all.yml
+++ b/.github/workflows/newt_test_all.yml
@@ -21,6 +21,9 @@ name: Unit tests
 on: [push, pull_request]
+permissions:
+ contents: read
+
 jobs:
 newt_test:
 name: Run newt test all
diff --git a/.github/workflows/update_hw_ci_badges.yml b/.github/workflows/update_hw_ci_badges.yml
index c4a5a2ef37..bbc824e5ca 100644
--- a/.github/workflows/update_hw_ci_badges.yml
+++ b/.github/workflows/update_hw_ci_badges.yml
@@ -23,6 +23,10 @@ on:
 schedule:
 - cron: '0 5 * * *'
+permissions:
+ contents: write
+ pull-requests: write
+
 jobs:
 update-badges:
 runs-on: ubuntu-latest
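Review bot: In check_compliance.yml the `issues: read` and `pull-requests: read` grants carry no indication of which step consumes them, so a later reviewer cannot tell whether either scope can be dropped. The hunk ends at `style_check:` and the job bodies are outside it, so the need cannot be confirmed from here; if the jobs only read labels and commit data from the `pull_request` event payload rather than calling the API, `contents: read` alone may be sufficient. I would add a comment above the block, for example `# issues/pull-requests: read is needed by <step name> to query PR metadata`, filled in with the step that actually uses the token.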
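Review bot: In update_hw_ci_badges.yml `contents: write` and `pull-requests: write` are granted at workflow level, so every job in the file, including any added later, inherits a token that can push to the repository and create or modify pull requests. Only the `update-badges` job header is visible and its steps are outside the hunk, so this assumes it is the job that commits the badge changes. I would keep the workflow default read-only like the other files in this commit and move the two write scopes into a `permissions:` block on that job, with a comment naming the step that needs them.

```yaml
permissions:
  contents: read

jobs:
  update-badges:
    # Write scopes are limited to the job that commits badge updates.
    permissions:
      contents: write
      pull-requests: write
    # … unchanged: runs-on and steps …
```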