ci: add top-level permissions to upgrade-fluxcd-pkg workflow

Add explicit top-level `permissions: contents: read` to the upgrade-fluxcd-pkg workflow to follow the principle of least privilege and fix the OpenSSF Scorecard Token-Permissions warning. Signed-off-by: Gagan H R <hrgagan4@gmail.com>
2026-03-12 07:06:57 +00:00 · 2026-03-11 21:40:14 +05:30
parent 4c79a76e94
commit 5f3098477e
1 changed files with 3 additions and 0 deletions
--- a/.github/workflows/upgrade-fluxcd-pkg.yaml
+++ b/.github/workflows/upgrade-fluxcd-pkg.yaml
@@ -3,6 +3,9 @@ name: upgrade-fluxcd-pkg
 on:
  workflow_dispatch:

+permissions:
+  contents: read
+
 jobs:
  upgrade-fluxcd-pkg:
    uses: fluxcd/gha-workflows/.github/workflows/upgrade-fluxcd-pkg.yaml@v0.9.0