ci: explicitly set permissions for workflows

2026-02-14 17:49:54 +00:00 · 2025-11-26 14:05:06 +01:00
parent c7aca2d061
commit 02b2d70673
1 changed files with 2 additions and 2 deletions
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -6,6 +6,8 @@ concurrency:
 env:
  GOOGLE_REGISTRY: europe-north1-docker.pkg.dev
  GITHUB_REGISTRY: ghcr.io
+permissions:
+  contents: read
 jobs:
  test:
    runs-on: ubuntu-latest
@@ -25,7 +27,6 @@ jobs:
    name: Publish to Google and GitHub registries
    if: github.ref == 'refs/heads/master'
    permissions:
-      contents: "read"
      id-token: "write"
      packages: "write"
    runs-on: ubuntu-latest
@@ -56,7 +57,6 @@ jobs:
    if: github.ref == 'refs/heads/master'
    runs-on: ubuntu-latest
    permissions:
-      contents: read
      id-token: write
    strategy:
      fail-fast: false