fix: add permissions for github token (#54)

* chore: add permissions for github token

* chore: add release test condition that will be deleted later

* chore: remove test conditions

Author: caroldelwing

.github/workflows/gitleaks.yaml

@@ -1,6 +1,9 @@
 name: GitLeaks
 on: [pull_request]
 
+permissions:
+  contents: read
+
 concurrency:
   group: gitleaks-${{ github.ref }}
   cancel-in-progress: true
@@ -15,7 +18,6 @@ jobs:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         GITLEAKS_CONFIG: config.toml
     steps:
-
       - name: run-bulwark-gitleaks-scan
         shell: sh
         env:
@@ -33,4 +35,4 @@ jobs:
             exit 1
           else 
             echo "GitLeaks validation check passed"
-          fi
+          fi

.github/workflows/release.yaml

@@ -2,11 +2,17 @@ name: Release to Production
 
 on:
   push:
-    branches: [main]
+    branches:
+      - main
 
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+permissions:
+  contents: write # Required for semantic-release to create releases and tags
+  packages: write # Required for pushing Docker images to GHCR
+  id-token: write # Required for cosign signing
+
 jobs:
   docker:
     name: "Release Docker image"

.github/workflows/test.yaml

@@ -9,6 +9,10 @@ on:
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+permissions:
+  contents: read
+  packages: write # Required for pushing Docker images to GCR
+
 concurrency:
   group: ci-${{ github.ref }}
   cancel-in-progress: true