diff --git a/.github/workflows/check-links.yml b/.github/workflows/check-links.yml
index c75398a..1a37205 100644
--- a/.github/workflows/check-links.yml
+++ b/.github/workflows/check-links.yml
@@ -3,6 +3,8 @@ name: Check links
 on: [push, pull_request]
+permissions: read-all
+
 jobs:
 markdown-link-check:
 name: Check links using markdown-link-check
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index 798f475..1ea2367 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -9,6 +9,9 @@ on:
 paths:
 - 'deployment/**'
+permissions:
+ pull-requests: write
+
 jobs:
 terraform:
 name: 'Terraform'
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 6b47bb7..a9e11e4 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -1,6 +1,8 @@
 ---
 name: Check the container can be built
+permissions: read-all
+
 on:
 push:
 branches:
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index d16d7f8..b8885e1 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -1,7 +1,9 @@
 ---
 name: Lint
-on: [push, pull_request]
+on: pull_request
+
+permissions: read-all
 jobs:
 super-lint:
@@ -13,12 +15,11 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@v4
 with:
- # Full git history needed to get proper list of changed files
 fetch-depth: 0
 # Runs the Super-Linter action
 - name: Run Super-Linter on new changes
- uses: github/super-linter@v5
+ uses: github/super-linter@v6
 env:
 DEFAULT_BRANCH: main
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -26,3 +27,4 @@ jobs:
 VALIDATE_ALL_CODEBASE: false
 # Fail on errors
 DISABLE_ERRORS: false
+ VALIDATE_CHECKOV: false
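Review bot: `permissions: read-all` in check-links.yml still gives the token read access to every scope, which is more than a link check appears to need; the same line is added in docker.yml and lint.yml. If the job only checks out the repository (its steps are outside the hunk), a `permissions:` map with the single entry `contents: read` is enough, and further scopes can be added by name when a step turns out to need one. An explicit map also documents what each workflow actually reads, which `read-all` does not.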
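Review bot: Declaring only `pull-requests: write` in deploy.yaml sets every scope that is not listed to `none`, so the terraform job no longer has `contents: read`, nor `id-token: write` if it authenticates to a cloud provider through OIDC. The job body is outside the hunk, so confirm what its steps use and list those scopes explicitly, starting with `contents: read` for the checkout. The write scope would also sit better under `jobs.terraform.permissions` than at workflow level, so that a job added later does not inherit it.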
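Review bot: With `permissions: read-all` in lint.yml the `GITHUB_TOKEN` handed to Super-Linter cannot write commit statuses, and Super-Linter's documentation lists `statuses: write` for its per-linter status reporting. If those status checks are wanted, replace the line with an explicit map of `contents: read`, `packages: read` and `statuses: write`; if they are not, `contents: read` alone is the tighter choice. Narrowing `on:` to `pull_request` also means direct pushes to `main` are no longer linted, which deserves a short comment if it is intended.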
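Review bot: `github/super-linter@v6` is a mutable tag and this step receives `GITHUB_TOKEN`, so whatever the tag points to at run time executes with the workflow's token; pinning to the release commit removes that dependency on the tag: `uses: github/super-linter@<full-commit-sha>  # v6`. `actions/checkout@v4` in the same hunk has the same property. The hunk also drops the comment explaining `fetch-depth: 0`; I would keep `# Full git history needed to get proper list of changed files`, since `VALIDATE_ALL_CODEBASE: false` depends on it. The step list starts and ends outside the hunk.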
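Review bot: `VALIDATE_CHECKOV: false` turns off Checkov's infrastructure-as-code policy checks without recording why, and the path filter in deploy.yaml suggests the repository keeps deployment code under `deployment/`. A comment above the line such as `# Checkov disabled: <reason>; re-enable when <condition>` would make the decision reviewable. If the cause is a handful of specific findings, a Checkov configuration file with a targeted skip list would keep the remaining checks active instead of disabling the scanner outright. The `env:` block starts outside the hunk.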