From 17b03a176f7fafcfe8ea1ed13cc4c4a0c5707af7 Mon Sep 17 00:00:00 2001
From: Alexey Karasev <oneasat@gmail.com>
Date: Thu, 9 Apr 2026 12:06:54 +0500
Subject: [PATCH 1/2] chore(ci): Potential fix for code scanning alert no. 312:
 Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/docker-release.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml
index 29325f91..4e55ef25 100644
--- a/.github/workflows/docker-release.yml
+++ b/.github/workflows/docker-release.yml
@@ -121,6 +121,8 @@ jobs:
   upload-assets:
     needs: [github-release]
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     steps:
     - name: Checkout code
       uses: actions/checkout@v6.0.2

From a6907b5bda60f0a94b20d0bda664fa4680c0488b Mon Sep 17 00:00:00 2001
From: Alexey Karasev <oneasat@gmail.com>
Date: Thu, 9 Apr 2026 13:05:46 +0500
Subject: [PATCH 2/2] chore: add permissions for contents in docker-release
 workflow

---
 .github/workflows/docker-release.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml
index 4e55ef25..000e2010 100644
--- a/.github/workflows/docker-release.yml
+++ b/.github/workflows/docker-release.yml
@@ -16,6 +16,9 @@ on:
         required: true
         default: './charts/qubership-logging-operator/Chart.yaml'
 
+permissions:
+  contents: read
+
 jobs:
   check-tag:
     runs-on: ubuntu-latest