Merge pull request #95 from DataDog/nina.rei/VULN-8308/update-permiss…

…ions-for-workflow-jobs Give elevated permissions on the job-level for specific workflows
DataDog · Nov 6, 2024 · 893cbfb · 893cbfb
2 parents 1117670 + c89dc92
commit 893cbfb
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/.github/workflows/auto_release.yml b/.github/workflows/auto_release.yml
@@ -8,6 +8,10 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      packages: write
+      contents: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4

diff --git a/.github/workflows/update_apps.yml b/.github/workflows/update_apps.yml
@@ -1,4 +1,4 @@
-# Disabled in favor of 
+# Disabled in favor of
 # https://github.com/DataDog/serverless-self-monitoring/blob/main/self_monitor/azure/launch.sh
 
 name: update_self_monitoring_apps
@@ -13,6 +13,9 @@ permissions:
 jobs:
   update_apps:
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      packages: write
     # Set the env for Azure managed identity federated credentials for OIDC
     # https://github.com/marketplace/actions/azure-login#login-with-openid-connect-oidc-recommendeda
     environment: dev