Add Permissions

Author: Vamshi-Microsoft

.github/workflows/deploy-linux.yml

@@ -93,7 +93,9 @@ on:
 
   schedule:
     - cron: '0 9,21 * * *'  # Runs at 9:00 AM and 9:00 PM GMT
-
+permissions:
+  contents: read
+  actions: read
 jobs:
   Run:
     uses: ./.github/workflows/deploy-orchestrator.yml

.github/workflows/deploy-orchestrator.yml

@@ -64,7 +64,10 @@ on:
 
 env:
   AZURE_DEV_COLLECT_TELEMETRY: ${{ vars.AZURE_DEV_COLLECT_TELEMETRY }}
-
+permissions:
+  contents: read
+  actions: read
+  
 jobs:
   docker-build:
     uses: ./.github/workflows/job-docker-build.yml

.github/workflows/deploy-windows.yml

@@ -83,7 +83,10 @@ on:
 
   # schedule:
   #   - cron: '0 9,21 * * *'  # Runs at 9:00 AM and 9:00 PM GMT
-
+permissions:
+  contents: read
+  actions: read
+  
 jobs:
   Run:
     uses: ./.github/workflows/deploy-orchestrator.yml

.github/workflows/deploy.yml

@@ -20,7 +20,10 @@ env:
   GPT_MIN_CAPACITY: 150
   TEXT_EMBEDDING_MIN_CAPACITY: 80
   BRANCH_NAME: ${{ github.event.workflow_run.head_branch || github.head_ref || github.ref_name }}
-
+permissions:
+  contents: read
+  actions: read
+  
 jobs:
   deploy:
     runs-on: ubuntu-latest

.github/workflows/docker-build-and-push.yml

@@ -26,7 +26,10 @@ on:
       - '!src/tests/**'
   merge_group:
   workflow_dispatch:
-
+permissions:
+  contents: read
+  actions: read
+  
 jobs:
   build-and-push:
     runs-on: ubuntu-latest

.github/workflows/job-cleanup-deployment.yml

@@ -40,7 +40,10 @@ on:
         description: 'Docker Image Tag'
         required: true
         type: string
-
+permissions:
+  contents: read
+  actions: read
+  
 jobs:
   cleanup-deployment:
     runs-on: ${{ inputs.runner_os }}

.github/workflows/job-deploy-linux.yml

@@ -38,7 +38,10 @@ on:
       WEB_APPURL:
         description: "Container Web App URL"
         value: ${{ jobs.deploy-linux.outputs.WEB_APPURL }}
-
+permissions:
+  contents: read
+  actions: read
+  
 jobs:
   deploy-linux:
     runs-on: ubuntu-latest

.github/workflows/job-deploy-windows.yml

@@ -38,7 +38,10 @@ on:
       WEB_APPURL:
         description: "Container Web App URL"
         value: ${{ jobs.deploy-windows.outputs.WEB_APPURL }}
-
+permissions:
+  contents: read
+  actions: read
+  
 jobs:
   deploy-windows:
     runs-on: windows-latest

.github/workflows/job-deploy.yml

@@ -98,7 +98,10 @@ env:
   CLEANUP_RESOURCES: ${{ inputs.trigger_type != 'workflow_dispatch' || inputs.cleanup_resources }}
   RUN_E2E_TESTS: ${{ inputs.trigger_type == 'workflow_dispatch' && (inputs.run_e2e_tests || 'GoldenPath-Testing') || 'GoldenPath-Testing' }}
   BUILD_DOCKER_IMAGE: ${{ inputs.trigger_type == 'workflow_dispatch' && (inputs.build_docker_image || false) || false }}
-
+permissions:
+  contents: read
+  actions: read
+  
 jobs:
   azure-setup:
     name: Azure Setup

.github/workflows/job-docker-build.yml

@@ -19,7 +19,10 @@ on:
 
 env:
   BRANCH_NAME: ${{ github.event.workflow_run.head_branch || github.head_ref || github.ref_name }}
-
+permissions:
+  contents: read
+  actions: read
+  
 jobs:
   docker-build:
     if: inputs.trigger_type == 'workflow_dispatch' && inputs.build_docker_image == true