fix: use right token permissions (#6430)

JorTurFer · web-flow · commit 55bd5bf4ce6f · 2024-12-17T18:33:25.000+01:00
Signed-off-by: Jorge Turrado &lt;jorge.turrado@scrm.lidl&gt;
diff --git a/.github/workflows/main-build.yml b/.github/workflows/main-build.yml
@@ -92,6 +92,9 @@ jobs:
 
   trivy-scan:
     needs: build
+    permissions:
+      contents: read
+      security-events: write
     uses: kedacore/keda/.github/workflows/template-trivy-scan.yml@main
     with:
       runs-on: ubuntu-latest
@@ -102,6 +105,9 @@ jobs:
 
   trivy-scan-metrics-server:
     needs: build
+    permissions:
+      contents: read
+      security-events: write
     strategy:
       matrix:
         runner: [ARM64, ubuntu-latest]
@@ -116,6 +122,9 @@ jobs:
 
   trivy-scan-keda:
     needs: build
+    permissions:
+      contents: read
+      security-events: write
     strategy:
       matrix:
         runner: [ARM64, ubuntu-latest]
diff --git a/.github/workflows/template-smoke-tests.yml b/.github/workflows/template-smoke-tests.yml
@@ -13,9 +13,6 @@ on:
         required: true
         type: string
 
-permissions:
-  contents: read
-
 jobs:
   smoke-tests:
     name: Validate k8s-${{ inputs.kubernetesVersion }}
diff --git a/.github/workflows/template-trivy-scan.yml b/.github/workflows/template-trivy-scan.yml
@@ -31,10 +31,6 @@ on:
         required: true
         type: boolean
 
-permissions:
-  contents: read
-  security-events: write
-
 jobs:
   trivy-scan:
     name: Trivy - ${{ inputs.runs-on }} - ${{ inputs.scan-type }} ${{ inputs.image-ref }}
