fixup! Update permissions for workflows that call scorecard

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
open-quantum-safe · Sep 4, 2024 · c2b15dc · c2b15dc
1 parent 6849a0b
commit c2b15dc
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 0 deletions.
diff --git a/.github/workflows/commit-to-main.yml b/.github/workflows/commit-to-main.yml
@@ -15,6 +15,11 @@ jobs:
   scorecard:
     uses: ./.github/workflows/scorecard.yml
     secrets: inherit
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
 
   basic-downstream:
     uses: ./.github/workflows/downstream-basic.yml

diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -22,3 +22,8 @@ jobs:
     needs: basic-checks
     uses: ./.github/workflows/scorecard.yml
     secrets: inherit
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
diff --git a/.github/workflows/weekly.yml b/.github/workflows/weekly.yml
@@ -14,6 +14,11 @@ jobs:
   scorecard:
     uses: ./.github/workflows/scorecard.yml
     secrets: inherit
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
 
   extended-tests:
     uses: ./.github/workflows/extended.yml