Merge pull request #779 from pi1814/master

Changes to set minimum token permissions for the GITHUB_TOKEN in yaml files
kubernetes · Dec 17, 2023 · 0ec39c2 · 0ec39c2
2 parents 64508ed + 20cee90
commit 0ec39c2
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/.github/workflows/helm_chart_release.yaml b/.github/workflows/helm_chart_release.yaml
@@ -8,8 +8,13 @@ on:
     paths:
       - "charts/**"
 
+permissions:
+  contents: read
+
 jobs:
   release:
+    permissions:
+      contents: write  # for helm/chart-releaser-action to push chart release and create a release
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -25,4 +30,4 @@ jobs:
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
-          config: .github/cr.yaml
+          config: .github/cr.yaml
diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml
@@ -8,6 +8,9 @@ on:
     paths:
       - version.txt
 
+permissions:
+  contents: read
+
 jobs:
   tag:
     if: ${{ github.repository == 'kubernetes/cloud-provider-aws' }}