add permissions, fixes #172

Author: jangalinski

.github/dependabot.yml

@@ -3,5 +3,13 @@ updates:
   - package-ecosystem: "maven"
     directory: "/"
     schedule:
-      interval: "daily"
-      open-pull-requests-limit: 10
+      interval: daily
+    open-pull-requests-limit: 30
+    labels: [ "Type: dependencies" ]
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 30
+    labels: [ "Type: dependencies" ]

.github/workflows/development.yml

@@ -1,5 +1,8 @@
 name: Development branches
 
+permissions:
+  contents: read
+
 on:
   push:
   pull_request:

.github/workflows/master.yml

@@ -1,5 +1,8 @@
 name: Produces and releases artifacts
 
+permissions:
+  contents: read
+
 on:
   push:
     branches:
@@ -41,10 +44,11 @@ jobs:
 
       # Publish release
       - name: Deploy a new release version to Maven Central
-        run: ./mvnw clean deploy -B -ntp -DskipTests -DskipExamples -Prelease -Dgpg.keyname="${{ secrets.GPG_KEYNAME }}" -Dgpg.passphrase="${{ secrets.GPG_PASSPHRASE }}"
+        run: ./mvnw clean deploy -B -ntp -DskipTests -DskipExamples -Prelease -Dgpg.keyname="${{ secrets.GPG_KEYNAME }}"
         env:
           OSS_CENTRAL_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
           OSS_CENTRAL_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
+          MAVEN_GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}"
 
 #      - name: Upload coverage information
 #        uses: codecov/codecov-action@v2

.github/workflows/release-notes.yml

@@ -1,8 +1,11 @@
-# Trigger the workflow on milestone events
+name: Milestone Closure
+
+permissions:
+  contents: read
+
 on:
   milestone:
     types: [closed]
-name: Milestone Closure
 jobs:
   create-release-notes:
     runs-on: ubuntu-latest