From d61a3f5ab027f4293b7f3987ac51025d0365d57f Mon Sep 17 00:00:00 2001 From: Adnan Khan Date: Tue, 21 Oct 2025 14:30:10 -0400 Subject: [PATCH 1/3] ci: scope down permissions for colab.yml --- .github/workflows/colab.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/colab.yml b/.github/workflows/colab.yml index caf3f2d0..27c0d7fb 100644 --- a/.github/workflows/colab.yml +++ b/.github/workflows/colab.yml @@ -6,6 +6,9 @@ on: - cron: '0 9 * * 1' workflow_dispatch: +permissions: + contents: write + jobs: sync: runs-on: ubuntu-latest From 780794688be13c1440d43698203874f381d2d0d2 Mon Sep 17 00:00:00 2001 From: Adnan Khan Date: Tue, 21 Oct 2025 14:30:11 -0400 Subject: [PATCH 2/3] ci: scope down permissions for canary_d2l.yml --- .github/workflows/canary_d2l.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/canary_d2l.yml b/.github/workflows/canary_d2l.yml index 68aea26e..d2c8d9d0 100644 --- a/.github/workflows/canary_d2l.yml +++ b/.github/workflows/canary_d2l.yml @@ -6,6 +6,9 @@ on: - cron: '0 9 * * *' workflow_dispatch: +permissions: + contents: read + jobs: canary-test: runs-on: ${{ matrix.os }} From 3229d1898d69b9d982c842dcafe95ee22474754d Mon Sep 17 00:00:00 2001 From: Adnan Khan Date: Tue, 21 Oct 2025 14:30:13 -0400 Subject: [PATCH 3/3] ci: scope down permissions for pr_notebook.yml --- .github/workflows/pr_notebook.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/pr_notebook.yml b/.github/workflows/pr_notebook.yml index 848e2758..23d1335e 100644 --- a/.github/workflows/pr_notebook.yml +++ b/.github/workflows/pr_notebook.yml @@ -10,6 +10,9 @@ on: - "**.css" workflow_dispatch: +permissions: + contents: read + jobs: build: runs-on: ubuntu-latest