fix(ci): replace broad permissions with specific scopes in workflows

Replace read-all/write-all with minimum required permission scopes across all GitHub Actions workflows to follow the principle of least privilege (SonarCloud rule githubactions:S8234).
2026-02-08 04:50:47 +00:00 · 2026-02-07 13:46:03 +02:00
parent cff3d1dd8a
commit 89aeb29c04
7 changed files with 20 additions and 10 deletions
--- a/.github/workflows/new-release.yml
+++ b/.github/workflows/new-release.yml
@@ -11,13 +11,15 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-permissions: read-all
+permissions:
+  contents: read

 jobs:
  new-daily-release:
    runs-on: ubuntu-latest

-    permissions: write-all
+    permissions:
+      contents: write

    outputs:
      created: ${{ steps.daily-version.outputs.created }}