commit 34004d9d5b63c607af2635f7cadd404250b8cb53
author Cole Arendt <cole.arendt@outlook.com> Sat Jun 18 06:21:48 2022 -0400
committer Cole Arendt <cole.arendt@outlook.com> Sat Jun 18 06:24:07 2022 -0400
tree 44902047a0c6a8b08bf8491bcfa36aaf39ff5196
parent 7358f174908243742c1e850f5dfa19e44e0583e8

set minimal permissions for each workflow

.github/workflows/chart-rebuild.yaml

diff --git a/.github/workflows/chart-rebuild.yaml b/.github/workflows/chart-rebuild.yaml
index 7cff622..37971b5 100644
--- a/.github/workflows/chart-rebuild.yaml
+++ b/.github/workflows/chart-rebuild.yaml
@@ -3,6 +3,10 @@
 on:
   workflow_dispatch:
 
+permissions:
+  contents: write
+  pull-requests: write
+
 jobs:
   rebuild:
     runs-on: ubuntu-latest

.github/workflows/chart-releaser.yaml

diff --git a/.github/workflows/chart-releaser.yaml b/.github/workflows/chart-releaser.yaml
index 07a8f70..7d152f8 100644
--- a/.github/workflows/chart-releaser.yaml
+++ b/.github/workflows/chart-releaser.yaml
@@ -5,6 +5,10 @@
     branches:
       - main
 
+permissions:
+  contents: read
+  deployments: write
+
 jobs:
   release:
     runs-on: ubuntu-latest

.github/workflows/chart-test.yaml

diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml
index 248facb..9ba0d4f 100644
--- a/.github/workflows/chart-test.yaml
+++ b/.github/workflows/chart-test.yaml
@@ -6,6 +6,11 @@
       - main
   pull_request:
 
+permissions:
+  checks: write
+  contents: read
+  statuses: write
+
 jobs:
   lint:
     runs-on: ubuntu-latest