ci: scope down GitHub Token permissions (#1571)

Author: AdnaneKhan

.github/workflows/main.yml

@@ -16,6 +16,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   markdown-link-check:
     runs-on: ubuntu-latest

.github/workflows/maven_release.yml

@@ -5,6 +5,9 @@ on:
     types:
       - published
 
+permissions:
+  contents: read
+
 jobs:
   ubuntu-latest-jdbc-wrapper-release-to-maven:
     name: 'Build And Release to Maven'

.github/workflows/maven_snapshot.yml

@@ -6,6 +6,9 @@ on:
       - main
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   ubuntu-latest-jdbc-wrapper-snapshot-to-maven:
     name: 'Build And Upload Snapshot to Maven'

.github/workflows/remove-old-artifacts.yml

@@ -5,6 +5,9 @@ on:
     # Every day at 1am
     - cron: '0 1 * * *'
 
+permissions:
+  actions: write
+
 jobs:
   remove-old-artifacts:
     runs-on: ubuntu-latest

.github/workflows/run-hibernate-orm-tests.yml

@@ -6,6 +6,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+
 jobs:
   hibernate-integration-tests:
     name: 'Run Hibernate ORM integration tests'

.github/workflows/run-standard-integration-tests.yml

@@ -12,6 +12,9 @@ on:
       - '**/release_draft.yml'
       - '**/maven*.yml'
 
+permissions:
+  contents: read
+
 jobs:
   standard-integration-tests:
     name: 'Run standard container integration tests'