Add github token permissions to improve ossf scorecard (#2992)

* Fix autogen issue with cronjob generator and foreach pod generator (#2989) Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> Signed-off-by: Roee Landesman <roee.landesman@gmail.com> * Add baseline read-all permissions Signed-off-by: Roee Landesman <roee.landesman@gmail.com> * remove extra read-all Signed-off-by: Roee Landesman <roee.landesman@gmail.com> * Add arm64 goarch to go releaser (#2991) Signed-off-by: Roee Landesman <roee.landesman@gmail.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
2024-12-14 11:57:48 +00:00 · 2022-01-15 17:14:22 -08:00 · 2022-01-15 17:14:22 -08:00 · 3e524b5586
commit 3e524b5586
parent 4450edc7d3
2 changed files with 5 additions and 6 deletions
--- a/.github/workflows/image.yaml
+++ b/.github/workflows/image.yaml
@ -4,11 +4,12 @@ on:
    branches:
      - 'main'

+permissions: read-all
+
 jobs:
  push-init-kyverno:
    runs-on: ubuntu-latest
    permissions:
-      contents: read
      packages: write
      id-token: write
    steps:
@ -60,7 +61,6 @@ jobs:
  push-kyverno:
    runs-on: ubuntu-latest
    permissions:
-      contents: read
      packages: write
      id-token: write
    steps:
@ -111,7 +111,6 @@ jobs:
  push-kyverno-cli:
    runs-on: ubuntu-latest
    permissions:
-      contents: read
      packages: write
      id-token: write
    steps:
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@ -3,11 +3,13 @@ on:
  push:
    tags:
      - 'v*'
+
+permissions: read-all
+
 jobs:
  release-init-kyverno:
    runs-on: ubuntu-latest
    permissions:
-      contents: read
      packages: write
      id-token: write
    steps:
@ -76,7 +78,6 @@ jobs:
  release-kyverno:
    runs-on: ubuntu-latest
    permissions:
-      contents: read
      packages: write
      id-token: write
    steps:
@ -168,7 +169,6 @@ jobs:
  release-kyverno-cli:
    runs-on: ubuntu-latest
    permissions:
-      contents: read
      packages: write
      id-token: write
    steps: