From f9cbf80260589992562bd957276110de76967166 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 16:36:23 -0400
Subject: [PATCH 1/9] ci: scope down permissions for repo-sync.yml
---
 .github/workflows/repo-sync.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/repo-sync.yml b/.github/workflows/repo-sync.yml
index 300341c1..2d97bc86 100644
--- a/.github/workflows/repo-sync.yml
+++ b/.github/workflows/repo-sync.yml
@@ -9,6 +9,10 @@ on:
 - '.github/workflows/repo-sync.yml'
 workflow_dispatch:
+permissions:
+ contents: write
+ pull-requests: write
+
 jobs:
 repo-sync:
 name: Repo Sync
From 8ebf95c9cf8a60ad81f9c69767788df6dea7795a Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 16:36:25 -0400
Subject: [PATCH 2/9] ci: scope down permissions for aws-lambda-java-serialization.yml
---
 .github/workflows/aws-lambda-java-serialization.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/aws-lambda-java-serialization.yml b/.github/workflows/aws-lambda-java-serialization.yml
index b2700e08..13b7e08b 100644
--- a/.github/workflows/aws-lambda-java-serialization.yml
+++ b/.github/workflows/aws-lambda-java-serialization.yml
@@ -14,6 +14,9 @@ on:
 - 'aws-lambda-java-serialization/**'
 - '.github/workflows/aws-lambda-java-serialization.yml'
+permissions:
+ contents: read
+
 jobs:
 build:
From cbd45eb11342fe340316bf2087accab1371ca66a Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 16:36:27 -0400
Subject: [PATCH 3/9] ci: scope down permissions for aws-lambda-java-events-sdk-transformer.yml
---
 .github/workflows/aws-lambda-java-events-sdk-transformer.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/aws-lambda-java-events-sdk-transformer.yml b/.github/workflows/aws-lambda-java-events-sdk-transformer.yml
index 285848a9..1f1f0887 100644
--- a/.github/workflows/aws-lambda-java-events-sdk-transformer.yml
+++ b/.github/workflows/aws-lambda-java-events-sdk-transformer.yml
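Review bot: In `.github/workflows/repo-sync.yml` the new `permissions:` block sits at workflow level, so `contents: write` and `pull-requests: write` apply to every job in the file rather than only to the job that pushes and opens the pull request. Only the `repo-sync` job header is visible in this hunk and its steps lie outside it, so whether both scopes are actually exercised through `GITHUB_TOKEN` cannot be confirmed from here; if the sync authenticates with a separate token, the workflow token could presumably be reduced to `contents: read`. I would move the grant under `jobs.repo-sync`, keep the top level at `permissions: {}`, and add a comment such as `# write scopes: the sync job pushes a branch and opens a PR` so the one exception to the read-only pattern used in the other workflows is explained.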
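Review bot: In `.github/workflows/aws-lambda-java-serialization.yml`, and in the identical hunks for events-sdk-transformer, samples, log4j2, tests, runtime-interface-client_pr, events and core later in this series, declaring only `contents: read` sets every unlisted scope to `none`. Any step that publishes check results, comments on a pull request or uploads a report through the workflow token would then fail with a permission error. The job steps are outside these hunks, so this needs confirming against each workflow rather than assuming. A short comment above each block, e.g. `# least privilege: the build only needs to check out the code`, would record the intent and steer later additions towards per-job grants instead of widening the workflow-level block.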
@@ -14,6 +14,9 @@ on:
 - 'aws-lambda-java-events-sdk-transformer/**'
 - '.github/workflows/aws-lambda-java-events-sdk-transformer.yml'
+permissions:
+ contents: read
+
 jobs:
 build:
From 403bdbbca794e28c4e373764bd3bbc61927a9d9f Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 16:36:29 -0400
Subject: [PATCH 4/9] ci: scope down permissions for samples.yml
---
 .github/workflows/samples.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/samples.yml b/.github/workflows/samples.yml
index 2b5e7833..aebb708a 100644
--- a/.github/workflows/samples.yml
+++ b/.github/workflows/samples.yml
@@ -14,6 +14,9 @@ on:
 - 'samples/**'
 - '.github/workflows/samples.yml'
+permissions:
+ contents: read
+
 jobs:
 build:
 runs-on: ubuntu-latest
From ab127ccef405761ed0bdf41b8bc2fa38f1f1aa0a Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 16:36:31 -0400
Subject: [PATCH 5/9] ci: scope down permissions for aws-lambda-java-log4j2.yml
---
 .github/workflows/aws-lambda-java-log4j2.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/aws-lambda-java-log4j2.yml b/.github/workflows/aws-lambda-java-log4j2.yml
index 03718e60..e9f6a56c 100644
--- a/.github/workflows/aws-lambda-java-log4j2.yml
+++ b/.github/workflows/aws-lambda-java-log4j2.yml
@@ -14,6 +14,9 @@ on:
 - 'aws-lambda-java-log4j2/**'
 - '.github/workflows/aws-lambda-java-log4j2.yml'
+permissions:
+ contents: read
+
 jobs:
 build:
From 4c8dfb0f471e606616c9638911fffe42559da648 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 16:36:33 -0400
Subject: [PATCH 6/9] ci: scope down permissions for aws-lambda-java-tests.yml
---
 .github/workflows/aws-lambda-java-tests.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/aws-lambda-java-tests.yml b/.github/workflows/aws-lambda-java-tests.yml
index 1b818014..720c52c1 100644
--- a/.github/workflows/aws-lambda-java-tests.yml
+++ b/.github/workflows/aws-lambda-java-tests.yml
@@ -14,6 +14,9 @@ on:
 - 'aws-lambda-java-tests/**'
 - '.github/workflows/aws-lambda-java-tests.yml'
+permissions:
+ contents: read
+
 jobs:
 build:
From 9c259fb55aa066447920f78efd4049ed52c2b1a6 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 16:36:35 -0400
Subject: [PATCH 7/9] ci: scope down permissions for runtime-interface-client_pr.yml
---
 .github/workflows/runtime-interface-client_pr.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/runtime-interface-client_pr.yml b/.github/workflows/runtime-interface-client_pr.yml
index 35c6ca06..d436281b 100644
--- a/.github/workflows/runtime-interface-client_pr.yml
+++ b/.github/workflows/runtime-interface-client_pr.yml
@@ -10,6 +10,9 @@ on:
 - 'aws-lambda-java-runtime-interface-client/**'
 - '.github/workflows/runtime-interface-client_*.yml'
+permissions:
+ contents: read
+
 jobs:
 smoke-test:
From 13aeddc486173820a89eeff94201a95edfe40776 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 16:36:36 -0400
Subject: [PATCH 8/9] ci: scope down permissions for aws-lambda-java-events.yml
---
 .github/workflows/aws-lambda-java-events.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/aws-lambda-java-events.yml b/.github/workflows/aws-lambda-java-events.yml
index b3b360b4..2d101018 100644
--- a/.github/workflows/aws-lambda-java-events.yml
+++ b/.github/workflows/aws-lambda-java-events.yml
@@ -14,6 +14,9 @@ on:
 - 'aws-lambda-java-events/**'
 - '.github/workflows/aws-lambda-java-events.yml'
+permissions:
+ contents: read
+
 jobs:
 build:
From 5c3a3392658e22bd2cf92e4d77aa83aed8b5b3b3 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 16:36:38 -0400
Subject: [PATCH 9/9] ci: scope down permissions for aws-lambda-java-core.yml
---
 .github/workflows/aws-lambda-java-core.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/aws-lambda-java-core.yml b/.github/workflows/aws-lambda-java-core.yml
index c8064513..b1bed919 100644
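Review bot: The path filter kept as context in the `runtime-interface-client_pr.yml` hunk, `.github/workflows/runtime-interface-client_*.yml`, implies sibling workflows with the same prefix, yet this series only adds a `permissions:` block to the `_pr` file. If those siblings exist and declare no block of their own, they keep running with the repository's default token permissions, which may be read-write depending on the repository setting. They are worth checking in the same change so each workflow carries an explicit block. The `smoke-test` job body is outside this hunk, so nothing here shows which scopes it uses.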
--- a/.github/workflows/aws-lambda-java-core.yml
+++ b/.github/workflows/aws-lambda-java-core.yml
@@ -14,6 +14,9 @@ on:
 - 'aws-lambda-java-core/**'
 - '.github/workflows/aws-lambda-java-core.yml'
+permissions:
+ contents: read
+
 jobs:
 build: