[TRACKING] Set explicit permissions for GitHub workflows

For enhanced security, set explicit permissions for GitHub workflows. This applies to both the primary "caller" workflows and the reusable "callee" workflows they invoke (this repo hosts popular reusable "callee" workflows).

This approach aligns with security best practices, as detailed in the following documentation:

- https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#defining-access-for-the-github_token-scopes
- https://openssf.org/blog/2024/08/12/mitigating-attack-vectors-in-github-workflows/


CC @FranzBusch @ktoso 


- [x] `soundness.yml`
- [x] `swift_package_test.yml`
- [x] `pull_request.yml`
- [x] `performance_test.yml`
- [x] `create_automerge_pr`


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[TRACKING] Set explicit permissions for GitHub workflows #167

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[TRACKING] Set explicit permissions for GitHub workflows #167

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions