From 602918d5e96d9b2bdd02815bd45f1334c0d1b514 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 17:10:57 -0400
Subject: [PATCH 1/3] ci: scope down permissions for helm-chart-test.yaml

---
 .github/workflows/helm-chart-test.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/helm-chart-test.yaml b/.github/workflows/helm-chart-test.yaml
index 2ab5df6..a74fa9a 100644
--- a/.github/workflows/helm-chart-test.yaml
+++ b/.github/workflows/helm-chart-test.yaml
@@ -5,6 +5,9 @@ on:
 schedule:
 - cron: '0 19 * * 1-5'
+permissions:
+ contents: read
+
 jobs:
 chartTests:
 name: Helm Chart Tests

From 4a010d7e6c636fb12aa5a414b812ef12c90ebb23 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 17:10:58 -0400
Subject: [PATCH 2/3] ci: scope down permissions for build-and-test.yaml

---
 .github/workflows/build-and-test.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/build-and-test.yaml b/.github/workflows/build-and-test.yaml
index f9217b3..a49b02a 100644
--- a/.github/workflows/build-and-test.yaml
+++ b/.github/workflows/build-and-test.yaml
@@ -17,6 +17,9 @@ env:
 DEFAULT_PY_VERSION: "3.9"
 IS_PUSH: ${{ github.event_name == 'push' }}
+permissions:
+ contents: read
+
 jobs:
 buildAndTest:
 name: Build and Test

From 59afb2ee2a5ca88665d02d6061ad1b20f49a3955 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 17:11:00 -0400
Subject: [PATCH 3/3] ci: scope down permissions for stale.yaml

---
 .github/workflows/stale.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml
index a5b4c02..a0cc12f 100644
--- a/.github/workflows/stale.yaml
+++ b/.github/workflows/stale.yaml
@@ -4,6 +4,10 @@ on:
 schedule:
 - cron: "0 17 * * *" # Runs every day at 12:00PM CST
+permissions:
+ issues: write
+ pull-requests: write
+
 jobs:
 stale:
 runs-on: ubuntu-latest
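Review bot: The new workflow-level `permissions` block in helm-chart-test.yaml has no comment explaining its effect, and listing any scope sets every unlisted GITHUB_TOKEN scope to `none`. A maintainer who later adds a step needing another scope will get a 403 with no obvious cause, so a line such as `# Least privilege for GITHUB_TOKEN: unlisted scopes are none; widen per job if a step needs more` above `permissions:` would help. The same comment fits the blocks added in build-and-test.yaml and stale.yaml. The `chartTests` job body lies outside the hunk, so whether its steps need anything beyond `contents: read` cannot be confirmed from here.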
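Review bot: The `IS_PUSH` variable just above the new block suggests the `buildAndTest` job may have push-only steps, and those are the ones to check against `contents: read`. If any of them publishes with GITHUB_TOKEN (packages, releases, OIDC), that scope is now `none`, and the failure would appear only on a push run, not on the pull request that merges this change. The job body is outside the hunk. If such a step exists, grant the extra scope on the job itself, e.g. `packages: write` in a `permissions:` block under `buildAndTest:`, rather than widening the workflow-level block.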
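Review bot: `issues: write` and `pull-requests: write` are granted at workflow level in stale.yaml, so any job added to this file later inherits a write-capable token. The only job visible in the hunk is `stale`, and moving the block under `jobs.stale` would tie the write scopes to the one job that needs them. Also confirm the set is complete for the action the job runs, which is outside the hunk: `contents` is now `none`, and if this is actions/stale with `delete-branch` enabled it would additionally need `contents: write`. The only trigger visible in the hunk is `schedule`, which is appropriate for a token with write scopes; a short comment saying so would help if triggers are added later.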