CI: add explicit permissions to all workflow jobs (fixes code-scanning #40-#57) (#67612)

2026-05-06 15:10:52 +00:00 · 2026-04-16 18:18:35 +08:00
parent 6ea3cddf0d
commit 01b7516a95
4 changed files with 47 additions and 0 deletions
--- a/.github/workflows/workflow-sanity.yml
+++ b/.github/workflows/workflow-sanity.yml
@@ -6,6 +6,9 @@ on:
    branches: [main]
  workflow_dispatch:

+permissions:
+  contents: read
+
 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}