Fix CI and GitLeaks GitHub actions permissions (2)

dihedron · dihedron · commit 308115c4d42d · 2026-03-25T22:09:38.000+01:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -5,6 +5,10 @@ on:
     branches:
       - "**"
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -28,8 +32,5 @@ jobs:
 
       - name: Run Makefile target
         run: make
-        permissions:
-          contents: read
-          pull-requests: write
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
@@ -1,10 +1,16 @@
 name: Gitleaks
+
 on:
   push:
   pull_request:
   workflow_dispatch:
   schedule:
     - cron: "0 4 * * *" # run once a day at 4 AM
+
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   scan:
     name: Gitleaks
@@ -17,8 +23,5 @@ jobs:
 
       - name: Run Gitleaks
         uses: gitleaks/gitleaks-action@v2
-        permissions:
-          contents: read
-          pull-requests: write
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
