Merge pull request #334 from raulcabello/token-permission

Add read-all permission to all workflows

.github/workflows/ci.yml

@@ -5,6 +5,9 @@ on:
   push:
   pull_request:
 
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
   unit_tests:
     name: Unit tests

.github/workflows/container-build.yml

@@ -10,6 +10,9 @@ on:
     branches:
       - "*"
 
+# Declare default permissions as read only.
+permissions: read-all
+
 
 jobs:
   build:

.github/workflows/container-image.yml

@@ -1,5 +1,8 @@
 name: Build container image
 
+# Declare default permissions as read only.
+permissions: read-all
+
 on:
   workflow_call:
     inputs:

.github/workflows/e2e-tests.yml

@@ -1,5 +1,8 @@
 name: End-to-end tests
 
+# Declare default permissions as read only.
+permissions: read-all
+
 on:
   workflow_dispatch:
   schedule:

.github/workflows/fossa.yml

@@ -5,6 +5,10 @@ on:
     - 'v*'
     branches:
     - 'main'
+
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
   fossa-scan:
     runs-on: ubuntu-latest

.github/workflows/openssf.yml

@@ -15,8 +15,6 @@ jobs:
       security-events: write
       # Used to receive a badge. (Upcoming feature)
       id-token: write
-      actions: read
-      contents: read
 
     steps:
       - name: "Checkout code"

.github/workflows/release.yml

@@ -3,6 +3,10 @@ on:
   push:
     tags:
     - 'v*'
+
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
   ci:
     uses: kubewarden/kubewarden-controller/.github/workflows/ci.yml@main