fix(ci): scope review permissions to job level

Mehdi-Bl · Mehdi-Bl · commit ec622e032758 · 2026-02-15T01:10:40.000Z
diff --git a/.github/workflows/claude-review-manual.yml b/.github/workflows/claude-review-manual.yml
@@ -15,12 +15,14 @@ on:
 
 permissions:
   contents: read
-  pull-requests: write
-  issues: write
-  id-token: write
 
 jobs:
   claude-review:
+    permissions:
+      contents: read
+      pull-requests: write
+      issues: write
+      id-token: write
     uses: codingworkflow/codingworkflow-security-policies/.github/workflows/reusable-claude-review.yml@55070d1bc124fbe46d9a8edbc8d536826d4e15ed
     with:
       pr_number: ${{ inputs.pr_number }}
diff --git a/.github/workflows/opencode-review-manual.yml b/.github/workflows/opencode-review-manual.yml
@@ -30,12 +30,14 @@ on:
 
 permissions:
   contents: read
-  pull-requests: write
-  issues: write
-  id-token: write
 
 jobs:
   opencode-review:
+    permissions:
+      contents: read
+      pull-requests: write
+      issues: write
+      id-token: write
     uses: codingworkflow/codingworkflow-security-policies/.github/workflows/reusable-opencode-review.yml@55070d1bc124fbe46d9a8edbc8d536826d4e15ed
     with:
       pr_number: ${{ inputs.pr_number }}
