Merge pull request #31923 from gaganhr94/fix/token-permissions

fix: adds topLevel permissions to improve openSSF scores
2026-05-28 04:35:48 -04:00 · 2026-04-29 07:35:52 -06:00 · 2026-04-29 07:35:52 -06:00 · 96c152cb1a
commit 96c152cb1a
parent 38f3704983 277d970255
2 changed files with 9 additions and 3 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -24,14 +24,15 @@ on:
  schedule:
    - cron: '29 6 * * 6'

-permissions:  
-  contents: read
-  security-events: write
+permissions: {}

 jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write

    strategy:
      fail-fast: false
--- a/.github/workflows/stale.yaml
+++ b/.github/workflows/stale.yaml
@ -3,9 +3,14 @@ on:
  schedule:
  - cron: "0 0 * * *"

+permissions: {}
+
 jobs:
  stale:
    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
    steps:
    - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
      with: