Add minimum token permissions for all github workflow files (#1655)

* Add minimum token permissions for all github workflow files * Update .github/workflows/phpdoc-to-github-pages.yml --------- Co-authored-by: otelbot <197425009+otelbot@users.noreply.github.com> Co-authored-by: Trask Stalnaker <trask.stalnaker@gmail.com>
2025-07-06 18:29:47 -07:00 · 2025-07-06 18:29:47 -07:00 · 7033191a74
parent e27aac84f6
commit 7033191a74
5 changed files with 14 additions and 3 deletions
--- a/.github/workflows/php.yml
+++ b/.github/workflows/php.yml
@ -6,6 +6,9 @@ on:
  pull_request:
    branches: [ main ]

+permissions:
+  contents: read
+
 jobs:
  php:
    runs-on: ubuntu-latest
--- a/.github/workflows/phpdoc-to-github-pages.yml
+++ b/.github/workflows/phpdoc-to-github-pages.yml
@ -6,14 +6,14 @@ on:
      - "main"
  workflow_dispatch:

-# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
 permissions:
  contents: read
-  pages: write
-  id-token: write

 jobs:
  documentation:
+    permissions:
+      pages: write # required for GitHub Pages deployment
+      id-token: write # required for GitHub Pages deployment
    name: "Documentation"
    runs-on: "ubuntu-latest"
    steps:
--- a/.github/workflows/publish-otel-php-base-docker-image.yml
+++ b/.github/workflows/publish-otel-php-base-docker-image.yml
@ -11,6 +11,8 @@ on:
    paths:
      - docker/Dockerfile
      - .github/workflows/publish-otel-php-base-docker-image.yml
+permissions:
+  contents: read
 jobs:
  push_to_registry:
    name: OpenTelemetry PHP base docker image creation
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@ -6,6 +6,9 @@ on:
  pull_request:
    branches: [ main ]

+permissions:
+  contents: read
+
 jobs:
  shellcheck:
    runs-on: ubuntu-latest
--- a/.github/workflows/split-monorepo.yaml
+++ b/.github/workflows/split-monorepo.yaml
@ -9,6 +9,9 @@ on:
  create:
  workflow_dispatch:

+permissions:
+  contents: read
+
 jobs:
  gitsplit:
    runs-on: ubuntu-latest