Fix token permissions warnings (#4550)

nlohmann · web-flow · commit 861ec9c3c61e · 2024-12-17T12:55:19.000+01:00
* 🚨 fix token permissions warnings

* 🚨 fix token permissions warnings

* 🚨 fix token permissions warnings
diff --git a/.github/workflows/check_amalgamation.yml b/.github/workflows/check_amalgamation.yml
@@ -3,8 +3,6 @@ name: "Check amalgamation"
 on:
   pull_request:
 
-permissions: read-all
-
 jobs:
   save:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
@@ -1,9 +1,6 @@
 name: CIFuzz
 on: [pull_request]
 
-permissions:
-  contents: read
-
 jobs:
   Fuzzing:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -11,9 +11,6 @@ on:
     - cron: '0 19 * * 1'
   workflow_dispatch:
   
-permissions:
-  contents: read
-
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
   cancel-in-progress: true
diff --git a/.github/workflows/comment_check_amalgamation.yml b/.github/workflows/comment_check_amalgamation.yml
@@ -5,8 +5,6 @@ on:
     types:
       - completed
 
-permissions: {}
-
 jobs:
   comment:
     if: ${{ github.event.workflow_run.conclusion == 'failure' }}
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -9,9 +9,6 @@
 name: 'Dependency Review'
 on: [pull_request]
 
-permissions:
-  contents: read
-
 jobs:
   dependency-review:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
@@ -4,8 +4,6 @@ on:
   pull_request_target:
     types: [opened, synchronize]
 
-permissions: {}
-
 jobs:
   label:
     permissions:
diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
@@ -9,9 +9,6 @@ on:
   pull_request:
   workflow_dispatch:
 
-permissions:
-  contents: read
-
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
   cancel-in-progress: true
diff --git a/.github/workflows/publish_documentation.yml b/.github/workflows/publish_documentation.yml
@@ -10,16 +10,16 @@ on:
       - docs/examples/**
   workflow_dispatch:
 
-permissions:
-  contents: write
-
 # we don't want to have concurrent jobs, and we don't want to cancel running jobs to avoid broken publications
 concurrency:
   group: documentation
   cancel-in-progress: false
 
 jobs:
   publish_documentation:
+    permissions:
+      contents: write
+
     if: github.repository == 'nlohmann/json'
     runs-on: ubuntu-22.04
     steps:
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -14,9 +14,6 @@ on:
   push:
     branches: ["develop"]
 
-# Declare default permissions as read only.
-permissions: read-all
-
 jobs:
   analysis:
     name: Scorecard analysis
diff --git a/.github/workflows/ubuntu.yml b/.github/workflows/ubuntu.yml
@@ -9,9 +9,6 @@ on:
   pull_request:
   workflow_dispatch:
   
-permissions:
-  contents: read
-
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
   cancel-in-progress: true
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
@@ -9,9 +9,6 @@ on:
   pull_request:
   workflow_dispatch:
 
-permissions:
-  contents: read
-
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
   cancel-in-progress: true
