It's a best practice to explicitly specify required permissions for all workflows, and soon we'll have to
Implementation details
Worked through each workflow, trying to work out what it does and what permissions it needs
Test coverage
I wish
Other details
Please don't just 🙈 approve this, it needs 👀 because it has the potential to break at critical times otherwise! The workflows that run as part of standard PRs should be fine, but anything that's rare/release specific needs properly understanding
Summary of changes
Reason for change
It's a best practice to explicitly specify required permissions for all workflows, and soon we'll have to
Implementation details
Worked through each workflow, trying to work out what it does and what permissions it needs
Test coverage
I wish
Other details
Please don't just 🙈 approve this, it needs 👀 because it has the potential to break at critical times otherwise! The workflows that run as part of standard PRs should be fine, but anything that's rare/release specific needs properly understanding
Fixes VULN-8204
Summary of changes
Reason for change
Implementation details
Test coverage
Other details
Backport of https://github.com/DataDog/dd-trace-dotnet/pull/5728