diff --git a/.github/workflows/bicep-build-to-validate.yml b/.github/workflows/bicep-build-to-validate.yml
index 2ccc6118..4556da1b 100644
--- a/.github/workflows/bicep-build-to-validate.yml
+++ b/.github/workflows/bicep-build-to-validate.yml
@@ -11,6 +11,9 @@ on:
 - "**/bicepconfig.json"
 workflow_dispatch: {}
+permissions:
+ contents: read
+
 jobs:
 bicep_unit_tests:
 name: Bicep Build & Lint All Modules
diff --git a/.github/workflows/gh-ado-sync.yml b/.github/workflows/gh-ado-sync.yml
index e91d1903..4a61d3da 100644
--- a/.github/workflows/gh-ado-sync.yml
+++ b/.github/workflows/gh-ado-sync.yml
@@ -6,6 +6,9 @@ on:
 issue_comment:
 types: [created]
+permissions:
+ contents: read
+
 jobs:
 alert:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/psdocs-mdtogit.yml b/.github/workflows/psdocs-mdtogit.yml
index 499eb5c1..1bcd3d56 100644
--- a/.github/workflows/psdocs-mdtogit.yml
+++ b/.github/workflows/psdocs-mdtogit.yml
@@ -27,6 +27,7 @@ jobs:
 permissions:
 contents: write
 runs-on: ubuntu-latest
+ environment: BicepUpdateDocumentation
 steps:
 - name: Harden Runner
 uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
diff --git a/.github/workflows/release-tests.yml b/.github/workflows/release-tests.yml
index 96f053d3..67760f2c 100644
--- a/.github/workflows/release-tests.yml
+++ b/.github/workflows/release-tests.yml
@@ -6,6 +6,9 @@ on:
 - main
 workflow_dispatch: {}
+permissions:
+ contents: read
+
 jobs:
 release-tests:
 name: Pre-Release Tests
diff --git a/.github/workflows/scheduled-bicep-build.yml b/.github/workflows/scheduled-bicep-build.yml
index a8a2e588..addfd80e 100644
--- a/.github/workflows/scheduled-bicep-build.yml
+++ b/.github/workflows/scheduled-bicep-build.yml
@@ -1,13 +1,13 @@
 name: Unit Tests - Scheduled Bicep Build
-permissions:
- contents: read
-
 on:
 schedule:
 - cron: "0 8 * * 1-5"
 workflow_dispatch: {}
+permissions:
+ contents: read
+
 jobs:
 bicep_unit_tests:
 name: Bicep Build & Lint All Modules
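Review bot: The workflow-level `permissions:` block added in bicep-build-to-validate.yml (and identically in gh-ado-sync.yml and release-tests.yml) sets every scope it does not list to `none`, so any step that uses `GITHUB_TOKEN` for more than reading the repository will now be refused. This matters most in gh-ado-sync.yml, which triggers on `issue_comment`: if the `alert` job writes back to the issue with `GITHUB_TOKEN` it needs a job-level `issues: write`, and if it never checks out the repository then `permissions: {}` would be the tighter default. The job bodies continue outside these hunks, so both cases should be confirmed against the actual steps. A one-line comment above each block, such as `# Default GITHUB_TOKEN scope; jobs that need more declare it at job level`, would record the intent for the next editor.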
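Review bot: In psdocs-mdtogit.yml, `environment: BicepUpdateDocumentation` only gates this `contents: write` job if that environment carries protection rules (required reviewers or a deployment-branch restriction) in the repository settings, which the diff cannot show. GitHub creates an environment that a workflow references and that does not yet exist, with no rules attached, so a misspelled name would leave the job running without the intended gate. Worth a comment on that line, for example `# protected environment: rules and secrets are configured in repo settings`, plus a check that the name matches the configured environment exactly. The job's steps continue outside the hunk.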