Chore: Harden action permissions (#104820)

* harden action permissions * Update .github/workflows/ephemeral-instances-pr-comment.yml Co-authored-by: Kevin Minehart <5140827+kminehart@users.noreply.github.com> * update documentation-ci --------- Co-authored-by: Kevin Minehart <5140827+kminehart@users.noreply.github.com>
2025-05-02 12:13:05 +01:00
parent 9a7d85c85f
commit d8fb1e8e4e
11 changed files with 74 additions and 11 deletions
@@ -4,9 +4,13 @@ on:
  pull_request:
    branches: [ main ]

+permissions: {}
+
 jobs:
  codeowners-validator:
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    steps:
      # Checks-out your repository, which is validated in the next step
      - uses: actions/checkout@v4
@@ -23,7 +27,7 @@ jobs:

          # "The comma-separated list of experimental checks that should be executed. By default, all experimental checks are turned off. Possible values: notowned,avoid-shadowing"
          experimental_checks: "notowned,avoid-shadowing"
-          
+
          # The repository path in which CODEOWNERS file should be validated."
          repository_path: "."

@@ -37,4 +41,4 @@ jobs:
          owner_checker_allow_unowned_patterns: "false"

          # Specifies whether only teams are allowed as owners of files.
-          owner_checker_owners_must_be_teams: "false"          
+          owner_checker_owners_must_be_teams: "false"