Merge pull request #53 from rapidfort/update-rapidfort-workflow-configuration

Updating Kimia Workflow for CI/CD configurations with required permis…

Author: eve-rf

.github/workflows/build.yml

@@ -6,6 +6,9 @@ on:
   pull_request:
     branches: [ main ]
 
+permissions:
+  contents: read
+
 env:
   REGISTRY: ghcr.io
   IMAGE_BASE: ${{ github.repository }}

.github/workflows/codeql.yml

@@ -19,6 +19,17 @@ on:
   schedule:
     - cron: '24 11 * * 5'
 
+permissions:
+  # required for all workflows
+  security-events: write
+
+  # required to fetch internal or private CodeQL packs
+  packages: read
+
+  # only required for workflows in private repositories
+  actions: read
+  contents: read
+
 jobs:
   analyze:
     name: Analyze (${{ matrix.language }})

.github/workflows/docker-image.yml

@@ -14,6 +14,17 @@ on:
         required: true
         default: "3.21-rfcurated"
 
+permissions:
+  # required for all workflows
+  security-events: write
+
+  # required to fetch internal or private CodeQL packs
+  packages: read
+
+  # only required for workflows in private repositories
+  actions: read
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest

.github/workflows/release.yml

@@ -14,6 +14,17 @@ on:
           - staging
           - production
 
+permissions:
+  # required for all workflows
+  security-events: write
+
+  # required to fetch internal or private CodeQL packs
+  packages: read
+
+  # only required for workflows in private repositories
+  actions: read
+  contents: read
+
 env:
   REGISTRY: ghcr.io
   REPO_OWNER: ${{ github.repository_owner }}

.github/workflows/test.yml

@@ -6,6 +6,17 @@ on:
   pull_request:
     branches: [main, develop]
 
+permissions:
+  # required for all workflows
+  security-events: write
+
+  # required to fetch internal or private CodeQL packs
+  packages: read
+
+  # only required for workflows in private repositories
+  actions: read
+  contents: read
+
 jobs:
   build-test:
     runs-on: ubuntu-latest