Closed
Labels: kind: bug; solution: proposed fix (a fix for the issue has been proposed and waits for confirmation)
Description
I would like to also suggest another supply-chain security practice, if I may, which is to use credentials that are minimally scoped.
This is one aspect of supply-chain security checked by the OpenSSF Scorecard and also strongly recommended by GitHub Security.
Thus, setting top-level permissions to contents: read, with all write permissions granted at the job level, is a simple but important practice for GitHub Workflows.
I'll suggest a PR with the permissions changes to make them easier to understand, so let me know if you have any doubts or concerns.
Reproduction steps
None
Expected vs. actual results
Expected:
GITHUB_TOKEN to be initialized with minimal permissions
Actual:
GITHUB_TOKEN has all write permissions
Minimal code example

    permissions:
      contents: read

Error messages
No response
Compiler and operating system
None
Library version
None
Validation
- The bug also occurs if the latest version from the develop branch is used.
- I can successfully compile and run the unit tests.
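Added example, not the project's own workflow file: a GitHub Actions workflow with the read-only top-level default and a job-level write grant as the post describes. The workflow name, the build and test commands, the action versions and the labeler job are assumptions.

```yaml
# Added example (not the project's own workflow). Job names, steps and
# action versions are assumptions; the permissions layout is the point.
name: ci

on:
  pull_request:
  push:
    branches: [develop]

# Weak setting (what the issue reports): omitting this block, or writing
# `permissions: write-all`, gives every job a GITHUB_TOKEN with all write
# scopes. Minimal setting: every job's token can only read the repository.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    # No `permissions` key here: the job inherits the read-only default.
    steps:
      - uses: actions/checkout@v4
      - run: cmake -S . -B build && cmake --build build
      - run: ctest --test-dir build --output-on-failure

  label:
    runs-on: ubuntu-latest
    needs: build
    # Only this job needs to write, and only to pull requests. Listing
    # any scope at job level sets every unlisted scope to "none", so
    # contents: read must be repeated for the action to read its config.
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: actions/labeler@v5
```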