Set explicit workflow permissions (#418)

wata727 · web-flow · commit d4a9c9ad4f33 · 2025-04-25T07:11:40.000Z
Fix actions/missing-workflow-permissions in Code Scanning alerts
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -10,6 +10,9 @@ on:
   schedule:
     - cron: "0 0 * * *"
 
+permissions:
+  contents: read
+
 jobs:
   test:
     name: ${{ matrix.os }}
@@ -28,8 +31,3 @@ jobs:
       run: make test
     - name: Run build
       run: make build
-    - name: Upload Artifact
-      uses: actions/upload-artifact@master
-      with:
-        name: tflint-ruleset-google-${{ matrix.os }}
-        path: tflint-ruleset-google
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
@@ -10,6 +10,9 @@ on:
   schedule:
     - cron: "0 0 * * *"
 
+permissions:
+  contents: read
+
 jobs:
   e2e:
     name: ${{ matrix.os }} (${{ matrix.version }})
diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml
@@ -8,6 +8,9 @@ on:
     branches:
       - master
 
+permissions:
+  contents: read
+
 jobs:
   check:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/maintenance.yml b/.github/workflows/maintenance.yml
@@ -1,9 +1,16 @@
+name: maintenance
+
 on:
   push:
     branches: [ master ]
   schedule:
     - cron: '0 0 * * 1'
   workflow_dispatch: # Enables on-demand/manual triggering
+
+permissions:
+  contents: write
+  pull-requests: write
+
 jobs:
   job:
     runs-on: ubuntu-latest
