Merge pull request #164 from ToshY/ci/codql-permissions

ToshY · web-flow · commit 20d3e6f0719e · 2025-07-18T19:59:05.000+02:00
[ci] using permissions read for workflow actions
diff --git a/.github/workflows/generator.yml b/.github/workflows/generator.yml
@@ -1,9 +1,14 @@
 name: Generator
+
 on:
   workflow_dispatch:
   schedule:
     - cron: '0 0 * * 0'
 
+permissions:
+  contents: write
+  pull-requests: write
+
 env:
   API_SPEC_MANIFEST: https://toshy.github.io/bunnynet-openapi-specification/manifest.json
 
diff --git a/.github/workflows/phpcs.yml b/.github/workflows/phpcs.yml
@@ -1,4 +1,5 @@
 name: PHPCS
+
 on:
   push:
     branches:
@@ -7,6 +8,9 @@ on:
     branches:
       - master
 
+permissions:
+  contents: read
+
 jobs:
   phpcs:
     name: PHP CS Fixer
diff --git a/.github/workflows/phpmd.yml b/.github/workflows/phpmd.yml
@@ -1,4 +1,5 @@
 name: PHPMD
+
 on:
   push:
     branches:
@@ -7,6 +8,9 @@ on:
     branches:
       - master
 
+permissions:
+  contents: read
+
 jobs:
   phpmd:
     name: PHPMD
diff --git a/.github/workflows/phpstan.yml b/.github/workflows/phpstan.yml
@@ -1,4 +1,5 @@
 name: PHPStan
+
 on:
   push:
     branches:
@@ -7,6 +8,9 @@ on:
     branches:
       - master
 
+permissions:
+  contents: read
+
 jobs:
   phpcs:
     name: PHPStan
diff --git a/.github/workflows/phpunit.yml b/.github/workflows/phpunit.yml
@@ -1,4 +1,5 @@
 name: PHPUnit
+
 on:
   push:
     branches:
@@ -7,6 +8,9 @@ on:
     branches:
       - master
 
+permissions:
+  contents: read
+
 jobs:
   phpcs:
     name: PHPUnit
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -1,4 +1,5 @@
 name: Security Check
+
 on:
   push:
     branches:
@@ -9,6 +10,9 @@ on:
   schedule:
     - cron: '0 3 * * 0'
 
+permissions:
+  contents: read
+
 jobs:
   build:
     name: Security check
