chore(actions): Explicitly adding permissions to all workflows. (#642)

As pointed out by github security checks.

(cherry picked from commit 565bfd3)

Author: mcottontensor

.github/workflows/backport.yml

@@ -4,6 +4,10 @@ on:
   pull_request_target:
     types: ["labeled", "closed"]
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   backport:
     name: Backport PR

.github/workflows/changesets-publish-npm-packages.yml

@@ -14,6 +14,8 @@ concurrency: ${{ github.workflow }}-${{ github.ref }}
 jobs:
   # gets all publishable npm packages.
   fetch-package-info:
+    permissions:
+      contents: read
     runs-on: ubuntu-latest
     outputs:
       matrix: ${{ steps.query-packages.outputs.matrix }}

.github/workflows/healthcheck-frontend.yml

@@ -11,6 +11,9 @@ on:
       - "SignallingWebServer/**"
       - "Extras/**"
 
+permissions:
+  contents: write
+
 jobs:
   streaming-test-linux:
     if: github.repository == 'EpicGamesExt/PixelStreamingInfrastructure'

.github/workflows/healthcheck-image-sfu.yml

@@ -7,6 +7,9 @@ on:
       - ".github/workflow/healthcheck-image-sfu.yml"
       - "SFU/**"
 
+permissions:
+  contents: read
+
 jobs:
   build-docker-image:
     if: github.repository == 'EpicGamesExt/PixelStreamingInfrastructure'

.github/workflows/healthcheck-image-wilbur.yml

@@ -7,6 +7,9 @@ on:
       - ".github/workflows/healthcheck-image-wilbur.yml"
       - "SignallingWebServer/**"
 
+permissions:
+  contents: read
+
 jobs:
   build-docker-image:
     if: github.repository == 'EpicGamesExt/PixelStreamingInfrastructure'

.github/workflows/healthcheck-libraries.yml

@@ -12,6 +12,9 @@ on:
       - "Frontend/ui-library/**"
       - "Frontend/implementations/typescript/**"
 
+permissions:
+  contents: read
+
 jobs:
   build-using-local-deps:
     if: github.repository == 'EpicGamesExt/PixelStreamingInfrastructure'

.github/workflows/healthcheck-libs-with-public-deps.yml

@@ -6,6 +6,9 @@ on:
       commitsha:
         description: "Commit SHA for the release (if blank use latest on this branch)"
 
+permissions:
+  contents: read
+
 env:
   commitsha: "${{ github.event.inputs.commitsha || github.sha }}"
 

.github/workflows/healthcheck-markdown-links.yml

@@ -5,6 +5,10 @@ on:
   # schedule:
   #   - cron: '0 0 * * *'
 
+permissions:
+  contents: read
+  issues: write
+
 jobs:
   linkChecker:
     if: github.repository == 'EpicGamesExt/PixelStreamingInfrastructure'

.github/workflows/healthcheck-platform-scripts.yml

@@ -7,6 +7,9 @@ on:
       - ".github/workflows/healthcheck-platform-scripts.yml"
       - "SignallingWebServer/**"
 
+permissions:
+  contents: read
+
 jobs:
   run-script-linux:
     if: github.repository == 'EpicGamesExt/PixelStreamingInfrastructure'

.github/workflows/healthcheck-signalling-protocol.yml

@@ -10,6 +10,9 @@ on:
       - "SignallingWebServer/**"
       - "Extras/SS_Test/**"
 
+permissions:
+  contents: read
+
 jobs:
   signalling-protocol-test:
     if: github.repository == 'EpicGamesExt/PixelStreamingInfrastructure'