Add granular permissions to GitHub action workflows

Tehsmash · Sam Betts · commit 0c684ab6b59c · 2023-07-24T08:12:52.000+01:00
This commit adds granular permissions to the workflows that need them to
perform their tasks. The release action needs access to the "contents"
of a repo in order to create a release, and reusable-build-and-push
requires access to packages in order to publish the containers.
diff --git a/.github/workflows/main-merge.yml b/.github/workflows/main-merge.yml
@@ -4,6 +4,9 @@ on:
     branches:
       - main
 
+permissions:
+  packages: write
+
 jobs:
   build_and_push:
     uses: ./.github/workflows/reusable-build-and-push.yml
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -4,6 +4,10 @@ on:
     tags:
       - "v[0-9]+.[0-9]+.[0-9]+"
 
+permissions:
+  packages: write
+  contents: write
+
 jobs:
   build_and_push:
     name: Build & Push
