Add workflow permissions

navikt · Sep 4, 2023 · efc2e6b · efc2e6b
1 parent bda7397
commit efc2e6b
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 0 deletions.
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
@@ -9,6 +9,10 @@ on:
 
 jobs:
   monitor:
+    permissions:
+      contents: read
+      id-token: write
+      security-events: write
     uses: navikt/isworkflows/.github/workflows/codeql.yml@master
     with:
       languages: "[ 'javascript' ]"

diff --git a/.github/workflows/dispatch-dev.yaml b/.github/workflows/dispatch-dev.yaml
@@ -11,6 +11,9 @@ on:
 jobs:
   deploy-dev:
     name: Deploy to NAIS Dev-gcp
+    permissions:
+      contents: read
+      id-token: write
     uses: navikt/isworkflows/.github/workflows/manual-deploy-dev.yml@master
     with:
       git-commit: ${{ github.event.inputs.gitCommit }}

diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -4,6 +4,9 @@ on: push
 
 jobs:
   build-and-deploy:
+    permissions:
+      contents: read
+      id-token: write
     uses: navikt/isworkflows/.github/workflows/node-build-deploy.yml@master
     with:
       dev-cluster: dev-gcp