explicit permissions this time

cabutlermit · cabutlermit · commit 60f61b0c7abb · 2025-05-07T09:57:43.000-04:00
diff --git a/.github/workflows/dev-build.yml b/.github/workflows/dev-build.yml
@@ -15,9 +15,20 @@ on:
 jobs:
   deploy:
     # These permissions are needed to interact with GitHub's OIDC Token endpoint.
-    # checkov:skip=CKV2_GHA_1:This ONLY uses a shared workflow and that shared workflow has restricted permissions
     permissions:
+      actions: read
+      attestations: read
+      checks: read
+      deployments: read
+      discussions: read
+      issues: read
       id-token: write
+      packages: read
+      pages: read
+      pull-requests: read
+      repository-projects: read
+      statuses: read
+      security-events: read
       contents: read
 
     name: Dev Container Deploy
