Add gha permissions and remove snyk (#309)

andersrognstad · web-flow · commit 7ea8cb056acf · 2023-09-14T13:38:09.000+02:00
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
@@ -9,6 +9,10 @@ on:
 
 jobs:
   monitor:
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
     uses: navikt/isworkflows/.github/workflows/codeql.yml@master
     with:
       languages: "[ 'java' ]"
diff --git a/.github/workflows/dependency-submission.yaml b/.github/workflows/dependency-submission.yaml
@@ -9,5 +9,7 @@ on:
 
 jobs:
   dependency_submission:
+    permissions:
+      contents: write
     uses: navikt/isworkflows/.github/workflows/gradle-dependency-submission.yml@master
     secrets: inherit
diff --git a/.github/workflows/dispatch.yaml b/.github/workflows/dispatch.yaml
@@ -11,6 +11,9 @@ on:
 jobs:
   deploy-dev:
     name: Deploy to NAIS Dev-gcp
+    permissions:
+      contents: read
+      id-token: write
     uses: navikt/isworkflows/.github/workflows/manual-deploy-dev.yml@master
     with:
       git-commit: ${{ github.event.inputs.gitCommit }}
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -4,5 +4,8 @@ on: push
 
 jobs:
   build-and-deploy:
+    permissions:
+      contents: read
+      id-token: write
     uses: navikt/isworkflows/.github/workflows/kotlin-build-deploy.yml@master
     secrets: inherit
diff --git a/.github/workflows/snyk.yaml b/.github/workflows/snyk.yaml
