fix(ci-cd): set minimal permissions for CI/CD pipeline

santi698 · santi698 · commit 916e12d1954d · 2025-08-15T14:46:20.000+02:00
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
@@ -1,5 +1,7 @@
 name: CI/CD Pipeline
 
+permissions: {}
+
 on:
   push:
     branches: [main]
@@ -9,6 +11,8 @@ on:
 
 jobs:
   test:
+    permissions:
+      contents: read
     runs-on: ubuntu-latest
 
     strategy:
@@ -66,6 +70,8 @@ jobs:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
   build-docs:
+    permissions:
+      contents: write
     runs-on: ubuntu-latest
     needs: test
     if: github.ref == 'refs/heads/main'
@@ -100,6 +106,8 @@ jobs:
           cname: aignostics-platform-sdk.github.io
 
   release:
+    permissions:
+      contents: write
     runs-on: ubuntu-latest
     needs: [test, build-docs]
     if: github.ref == 'refs/heads/main'
@@ -112,7 +120,6 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Setup Node.js
         uses: actions/setup-node@v4
