jaegertracing · yurishkuro · Apr 17, 2024 · Apr 17, 2024
@@ -10,6 +10,9 @@ on:
       - labeled
       - unlabeled
 
+permissions:  
+  contents: read
+
 jobs:
   check-label:
     runs-on: ubuntu-latest

@@ -8,13 +8,14 @@ on:
   workflow_dispatch:
 
 # See https://github.com/jaegertracing/jaeger/issues/4017
-# and https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
 permissions:
-  deployments: write
-  contents: write
+  contents: read
 
 jobs:
   publish-release:
+    permissions:
+      contents: write
+      deployments: write
     if: github.repository == 'jaegertracing/jaeger'
     runs-on: ubuntu-latest
 

@@ -4,13 +4,13 @@ on:
   push:
     branches: [main]
 
-# See https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
-permissions:  # added using https://github.com/step-security/secure-workflows
+permissions:
   contents: read
-  checks: write
 
 jobs:
   unit-tests-go-tip:
+    permissions:
+      checks: write
     runs-on: ubuntu-latest
     steps:
     - name: Harden Runner

@@ -11,13 +11,13 @@ concurrency:
   group: ${{ github.workflow }}-${{ (github.event.pull_request && github.event.pull_request.number) || github.ref || github.run_id }}
   cancel-in-progress: true
 
-# See https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
-permissions:  # added using https://github.com/step-security/secure-workflows
+permissions:
   contents: read
-  checks: write
 
 jobs:
   unit-tests:
+    permissions:
+      checks: write    
     runs-on: ubuntu-latest
     steps:
     - name: Harden Runner