ci: fix workflow permissions

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-11-04 18:13:42 +08:00 · 2024-10-29 09:48:47 +01:00
parent 181348397c
commit 6b2dc8ce56
4 changed files with 9 additions and 8 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -229,8 +229,6 @@ jobs:
    permissions:
      # required to write sarif report
      security-events: write
      # required to check out the repository
      contents: read
    steps:
      -
        name: Checkout
@@ -404,6 +402,9 @@ jobs:
  release:
    runs-on: ubuntu-24.04
    permissions:
      # required to create GitHub release
      contents: write
    needs:
      - test-integration
      - test-unit
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -21,12 +21,10 @@ env:
 jobs:
  codeql:
    runs-on: ubuntu-24.04
    permissions:
      actions: read
      contents: read
      security-events: write
    runs-on: ubuntu-24.04
    steps:
      -
        name: Checkout
--- a/.github/workflows/docs-release.yml
+++ b/.github/workflows/docs-release.yml
@@ -23,6 +23,9 @@ jobs:
  open-pr:
    runs-on: ubuntu-24.04
    if: ${{ (github.event.release.prerelease != true || github.event.inputs.tag != '') && github.repository == 'docker/buildx' }}
    permissions:
      contents: write
      pull-requests: write
    steps:
      -
        name: Checkout docs repo
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -18,10 +18,9 @@ on:
 jobs:
  labeler:
    permissions:
      contents: read
      pull-requests: write
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      -
        name: Run