Add explicit permissions to all actions workflows (#36140)

Explicitely specify all workflow [`permissions`](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#permissions). This will fix [26 CodeQL alerts](https://github.com/go-gitea/gitea/security/code-scanning?query=permissions+is%3Aopen+branch%3Amain+).
2026-02-07 09:49:41 +09:00 · 2025-12-12 17:48:29 +01:00
parent 87b855bd15
commit 4c06c98dda
9 changed files with 53 additions and 0 deletions
--- a/.github/workflows/pull-docker-dryrun.yml
+++ b/.github/workflows/pull-docker-dryrun.yml
@@ -15,6 +15,8 @@ jobs:
    if: needs.files-changed.outputs.docker == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    steps:
      - uses: actions/checkout@v6
      - uses: docker/setup-buildx-action@v3