Skip to content

Commit 36c5b94

Browse files
Add Permissions
1 parent 97cf33c commit 36c5b94

13 files changed

Lines changed: 51 additions & 13 deletions

.github/workflows/deploy-linux.yml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -93,7 +93,9 @@ on:
9393

9494
schedule:
9595
- cron: '0 9,21 * * *' # Runs at 9:00 AM and 9:00 PM GMT
96-
96+
permissions:
97+
contents: read
98+
actions: read
9799
jobs:
98100
Run:
99101
uses: ./.github/workflows/deploy-orchestrator.yml

.github/workflows/deploy-orchestrator.yml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -64,7 +64,10 @@ on:
6464

6565
env:
6666
AZURE_DEV_COLLECT_TELEMETRY: ${{ vars.AZURE_DEV_COLLECT_TELEMETRY }}
67-
67+
permissions:
68+
contents: read
69+
actions: read
70+
6871
jobs:
6972
docker-build:
7073
uses: ./.github/workflows/job-docker-build.yml

.github/workflows/deploy-windows.yml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -83,7 +83,10 @@ on:
8383

8484
# schedule:
8585
# - cron: '0 9,21 * * *' # Runs at 9:00 AM and 9:00 PM GMT
86-
86+
permissions:
87+
contents: read
88+
actions: read
89+
8790
jobs:
8891
Run:
8992
uses: ./.github/workflows/deploy-orchestrator.yml

.github/workflows/deploy.yml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,10 @@ env:
2020
GPT_MIN_CAPACITY: 150
2121
TEXT_EMBEDDING_MIN_CAPACITY: 80
2222
BRANCH_NAME: ${{ github.event.workflow_run.head_branch || github.head_ref || github.ref_name }}
23-
23+
permissions:
24+
contents: read
25+
actions: read
26+
2427
jobs:
2528
deploy:
2629
runs-on: ubuntu-latest

.github/workflows/docker-build-and-push.yml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,10 @@ on:
2626
- '!src/tests/**'
2727
merge_group:
2828
workflow_dispatch:
29-
29+
permissions:
30+
contents: read
31+
actions: read
32+
3033
jobs:
3134
build-and-push:
3235
runs-on: ubuntu-latest

.github/workflows/job-cleanup-deployment.yml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,10 @@ on:
4040
description: 'Docker Image Tag'
4141
required: true
4242
type: string
43-
43+
permissions:
44+
contents: read
45+
actions: read
46+
4447
jobs:
4548
cleanup-deployment:
4649
runs-on: ${{ inputs.runner_os }}

.github/workflows/job-deploy-linux.yml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,10 @@ on:
3838
WEB_APPURL:
3939
description: "Container Web App URL"
4040
value: ${{ jobs.deploy-linux.outputs.WEB_APPURL }}
41-
41+
permissions:
42+
contents: read
43+
actions: read
44+
4245
jobs:
4346
deploy-linux:
4447
runs-on: ubuntu-latest

.github/workflows/job-deploy-windows.yml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,10 @@ on:
3838
WEB_APPURL:
3939
description: "Container Web App URL"
4040
value: ${{ jobs.deploy-windows.outputs.WEB_APPURL }}
41-
41+
permissions:
42+
contents: read
43+
actions: read
44+
4245
jobs:
4346
deploy-windows:
4447
runs-on: windows-latest

.github/workflows/job-deploy.yml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -98,7 +98,10 @@ env:
9898
CLEANUP_RESOURCES: ${{ inputs.trigger_type != 'workflow_dispatch' || inputs.cleanup_resources }}
9999
RUN_E2E_TESTS: ${{ inputs.trigger_type == 'workflow_dispatch' && (inputs.run_e2e_tests || 'GoldenPath-Testing') || 'GoldenPath-Testing' }}
100100
BUILD_DOCKER_IMAGE: ${{ inputs.trigger_type == 'workflow_dispatch' && (inputs.build_docker_image || false) || false }}
101-
101+
permissions:
102+
contents: read
103+
actions: read
104+
102105
jobs:
103106
azure-setup:
104107
name: Azure Setup

.github/workflows/job-docker-build.yml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,10 @@ on:
1919

2020
env:
2121
BRANCH_NAME: ${{ github.event.workflow_run.head_branch || github.head_ref || github.ref_name }}
22-
22+
permissions:
23+
contents: read
24+
actions: read
25+
2326
jobs:
2427
docker-build:
2528
if: inputs.trigger_type == 'workflow_dispatch' && inputs.build_docker_image == true

0 commit comments

Comments
 (0)