workflows: fix permissions

`contents` permission is required to be able to access the repository
with actions/checkout. It worked incidentally because the repo is public
but let's make it cleaner.

`pull-requests` permission is required to allow retrieving information
from the PR API. Likewise, it worked incidentally only because the repo
is public.

Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>

.github/workflows/conformance-aks-v1.10.yaml

@@ -26,6 +26,10 @@ on:
 # By specifying the access of one of the scopes, all of those that are not
 # specified are set to 'none'.
 permissions:
+  # To be able to access the repository with actions/checkout
+  contents: read
+  # To allow retrieving information from the PR API
+  pull-requests: read
   # So that Sibz/github-status-action can write into the status API
   statuses: write
 

.github/workflows/conformance-aks.yaml

@@ -26,6 +26,10 @@ on:
 # By specifying the access of one of the scopes, all of those that are not
 # specified are set to 'none'.
 permissions:
+  # To be able to access the repository with actions/checkout
+  contents: read
+  # To allow retrieving information from the PR API
+  pull-requests: read
   # So that Sibz/github-status-action can write into the status API
   statuses: write
 

.github/workflows/conformance-aws-cni-v1.10.yaml

@@ -27,6 +27,10 @@ on:
 # By specifying the access of one of the scopes, all of those that are not
 # specified are set to 'none'.
 permissions:
+  # To be able to access the repository with actions/checkout
+  contents: read
+  # To allow retrieving information from the PR API
+  pull-requests: read
   # So that Sibz/github-status-action can write into the status API
   statuses: write
 

.github/workflows/conformance-aws-cni.yaml

@@ -26,6 +26,10 @@ on:
 # By specifying the access of one of the scopes, all of those that are not
 # specified are set to 'none'.
 permissions:
+  # To be able to access the repository with actions/checkout
+  contents: read
+  # To allow retrieving information from the PR API
+  pull-requests: read
   # So that Sibz/github-status-action can write into the status API
   statuses: write
 

.github/workflows/conformance-eks-v1.10.yaml

@@ -26,6 +26,10 @@ on:
 # By specifying the access of one of the scopes, all of those that are not
 # specified are set to 'none'.
 permissions:
+  # To be able to access the repository with actions/checkout
+  contents: read
+  # To allow retrieving information from the PR API
+  pull-requests: read
   # So that Sibz/github-status-action can write into the status API
   statuses: write
 

.github/workflows/conformance-eks.yaml

@@ -26,6 +26,10 @@ on:
 # By specifying the access of one of the scopes, all of those that are not
 # specified are set to 'none'.
 permissions:
+  # To be able to access the repository with actions/checkout
+  contents: read
+  # To allow retrieving information from the PR API
+  pull-requests: read
   # So that Sibz/github-status-action can write into the status API
   statuses: write
 

.github/workflows/conformance-gke-v1.10.yaml

@@ -26,6 +26,10 @@ on:
 # By specifying the access of one of the scopes, all of those that are not
 # specified are set to 'none'.
 permissions:
+  # To be able to access the repository with actions/checkout
+  contents: read
+  # To allow retrieving information from the PR API
+  pull-requests: read
   # So that Sibz/github-status-action can write into the status API
   statuses: write
 

.github/workflows/conformance-gke.yaml

@@ -26,6 +26,10 @@ on:
 # By specifying the access of one of the scopes, all of those that are not
 # specified are set to 'none'.
 permissions:
+  # To be able to access the repository with actions/checkout
+  contents: read
+  # To allow retrieving information from the PR API
+  pull-requests: read
   # So that Sibz/github-status-action can write into the status API
   statuses: write
 

.github/workflows/conformance-multicluster-v1.10.yaml

@@ -26,6 +26,10 @@ on:
 # By specifying the access of one of the scopes, all of those that are not
 # specified are set to 'none'.
 permissions:
+  # To be able to access the repository with actions/checkout
+  contents: read
+  # To allow retrieving information from the PR API
+  pull-requests: read
   # So that Sibz/github-status-action can write into the status API
   statuses: write
 

.github/workflows/conformance-multicluster.yaml

@@ -26,6 +26,10 @@ on:
 # By specifying the access of one of the scopes, all of those that are not
 # specified are set to 'none'.
 permissions:
+  # To be able to access the repository with actions/checkout
+  contents: read
+  # To allow retrieving information from the PR API
+  pull-requests: read
   # So that Sibz/github-status-action can write into the status API
   statuses: write
 

.github/workflows/tests-l4lb-v1.10.yaml

@@ -26,6 +26,10 @@ on:
 # By specifying the access of one of the scopes, all of those that are not
 # specified are set to 'none'.
 permissions:
+  # To be able to access the repository with actions/checkout
+  contents: read
+  # To allow retrieving information from the PR API
+  pull-requests: read
   # So that Sibz/github-status-action can write into the status API
   statuses: write
 

.github/workflows/tests-l4lb.yaml

@@ -26,6 +26,10 @@ on:
 # By specifying the access of one of the scopes, all of those that are not
 # specified are set to 'none'.
 permissions:
+  # To be able to access the repository with actions/checkout
+  contents: read
+  # To allow retrieving information from the PR API
+  pull-requests: read
   # So that Sibz/github-status-action can write into the status API
   statuses: write