ci: scope down GitHub Token permissions (#1202)

AdnaneKhan · web-flow · commit 1786a0287912 · 2025-12-18T14:07:09.000-08:00
* ci: scope down permissions for build-and-test.yaml

* ci: scope down permissions for stale.yml
diff --git a/.github/workflows/build-and-test.yaml b/.github/workflows/build-and-test.yaml
@@ -18,6 +18,9 @@ env:
   GITHUB_TOKEN: ${{ secrets.EC2_BOT_GITHUB_TOKEN }}
   WEBHOOK_URL: ${{ secrets.WEBHOOK_URL }}
 
+permissions:
+  contents: read
+
 jobs:
   fastTests:
     name: Fast Test
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -4,6 +4,10 @@ on:
   schedule:
     - cron: "0 17 * * *"  # Runs every day at 12:00PM CST
 
+permissions:
+  issues: write
+  pull-requests: write
+
 jobs:
   stale:
     runs-on: ubuntu-24.04
