workflow: add permissions settings

Toni500github · Toni500github · commit 9dd18d3eb113 · 2025-06-19T00:06:09.000+02:00
diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml
@@ -9,6 +9,8 @@ on:
 jobs:
   build-ubuntu_22-04:
     runs-on: ubuntu-22.04
+    permissions:
+      contents: read
 
     steps:
     - uses: actions/checkout@v4
@@ -54,6 +56,8 @@ jobs:
 
   build-ubuntu-22_04-GUI:
     runs-on: ubuntu-22.04
+    permissions:
+      contents: read
 
     steps:
     - uses: actions/checkout@v4
@@ -90,6 +94,8 @@ jobs:
 
   build_Arch:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     container:
       image: archlinux
 
@@ -134,6 +140,9 @@ jobs:
 
   build-macos:
     runs-on: macos-latest
+    permissions:
+      contents: read
+
     steps:
       - uses: actions/checkout@v4
 
diff --git a/.github/workflows/makefile.yml b/.github/workflows/makefile.yml
@@ -9,6 +9,8 @@ on:
 jobs:
   build-deb:
     runs-on: ubuntu-22.04
+    permissions:
+      contents: read
 
     steps:
     - uses: actions/checkout@v4
@@ -51,6 +53,8 @@ jobs:
 
   build-deb-gui:
     runs-on: ubuntu-22.04
+    permissions:
+      contents: read
 
     steps:
     - uses: actions/checkout@v4
@@ -88,6 +92,8 @@ jobs:
   
   build-ubuntu_22-04:
     runs-on: ubuntu-22.04
+    permissions:
+      contents: read
 
     steps:
     - uses: actions/checkout@v4
@@ -128,6 +134,8 @@ jobs:
 
   build-ubuntu-22_04-GUI:
     runs-on: ubuntu-22.04
+    permissions:
+      contents: read
 
     steps:
     - uses: actions/checkout@v4
@@ -159,6 +167,8 @@ jobs:
 
   build_Arch-AUR:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     container:
       image: archlinux
 
@@ -198,6 +208,8 @@ jobs:
 
   build_Arch:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     container:
       image: archlinux
 
@@ -238,6 +250,9 @@ jobs:
 
   build-macos:
     runs-on: macos-latest
+    permissions:
+      contents: read
+
     steps:
       - uses: actions/checkout@v4
 
@@ -271,6 +286,9 @@ jobs:
 
   test-suitcase:
     runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+
     steps:
     - uses: actions/checkout@v4
 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -3,9 +3,9 @@ name: Release
 on:
   push:
     tags: "*"
-    paths:
+    #paths:
       # trigger release workflow only if this file changed
-      - .github/workflows/release.yml
+      #- .github/workflows/release.yml
 
 jobs:
   get-version:
@@ -21,6 +21,8 @@ jobs:
 
   build-tar:
     runs-on: ubuntu-22.04
+    permissions:
+      contents: read
 
     steps:
     - uses: actions/checkout@v4
@@ -47,6 +49,8 @@ jobs:
 
   build-gui-tar:
     runs-on: ubuntu-22.04
+    permissions:
+      contents: read
 
     steps:
     - uses: actions/checkout@v4
@@ -73,6 +77,8 @@ jobs:
 
   build-deb:
     runs-on: ubuntu-22.04
+    permissions:
+      contents: read
 
     steps:
     - uses: actions/checkout@v4
@@ -108,6 +114,8 @@ jobs:
 
   build-deb-gui:
     runs-on: ubuntu-22.04
+    permissions:
+      contents: read
 
     steps:
     - uses: actions/checkout@v4
