Add permissions to stability-* workflows (#44212)

Signed-off-by: stianst <stianst@gmail.com>
2025-12-16 20:15:46 -06:00 · 2025-11-14 12:02:54 +01:00
parent bcf6df545b
commit 4f80d692c0
4 changed files with 18 additions and 0 deletions
--- a/.github/workflows/stability-base-reruns.yml
+++ b/.github/workflows/stability-base-reruns.yml
@@ -19,6 +19,9 @@ defaults:
  run:
    shell: bash

+permissions:
+  contents: read
+
 jobs:

  build:
--- a/.github/workflows/stability-base.yml
+++ b/.github/workflows/stability-base.yml
@@ -10,6 +10,9 @@ defaults:
  run:
    shell: bash

+permissions:
+  contents: read
+
 jobs:

  build:
@@ -50,6 +53,8 @@ jobs:
    if: always()
    env:
      GH_TOKEN: ${{ github.token }}
+    permissions:
+      actions: write
    steps:
      - name: Delete artifacts
        run:
--- a/.github/workflows/stability-clustering.yml
+++ b/.github/workflows/stability-clustering.yml
@@ -10,6 +10,9 @@ defaults:
  run:
    shell: bash

+permissions:
+  contents: read
+
 jobs:

  build:
@@ -46,6 +49,8 @@ jobs:
    if: always()
    env:
      GH_TOKEN: ${{ github.token }}
+    permissions:
+      actions: write
    steps:
      - name: Delete artifacts
        run:
--- a/.github/workflows/stability-js-ci.yml
+++ b/.github/workflows/stability-js-ci.yml
@@ -10,6 +10,9 @@ defaults:
  run:
    shell: bash

+permissions:
+  contents: read
+
 jobs:
  build-keycloak:
    name: Build Keycloak
@@ -159,6 +162,8 @@ jobs:
    if: always()
    env:
      GH_TOKEN: ${{ github.token }}
+    permissions:
+      actions: write
    steps:
      - name: Delete artifacts (excluding Playwright reports and server logs)
        run: |