Skip to content

Commit e453057

Browse files
SeanTAllenSeanTAllen
committed
Add minimal permissions to some actions workflows
1 parent 40ec48e commit e453057

File tree

6 files changed

+26
-2
lines changed

6 files changed

+26
-2
lines changed

.github/workflows/add-discuss-during-sync.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,9 @@ on:
1818
types:
1919
- submitted
2020

21+
permissions:
22+
pull-requests: write
23+
2124
jobs:
2225
add-label:
2326
runs-on: ubuntu-latest

.github/workflows/changelog-bot.yml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,11 @@ on:
99
paths-ignore:
1010
- CHANGELOG.md
1111

12+
permissions:
13+
packages: read
14+
pull-requests: read
15+
contents: write
16+
1217
jobs:
1318
changelog-bot:
1419
runs-on: ubuntu-latest

.github/workflows/lint-action-workflows.yml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,9 @@ concurrency:
66
group: lint-actions-${{ github.ref }}
77
cancel-in-progress: true
88

9+
permissions:
10+
packages: read
11+
912
jobs:
1013
lint:
1114
name: Lint
@@ -14,6 +17,6 @@ jobs:
1417
- name: Checkout
1518
uses: actions/checkout@v4.1.1
1619
- name: Check workflow files
17-
uses: docker://ghcr.io/ponylang/shared-docker-ci-actionlint:20241206
20+
uses: docker://ghcr.io/ponylang/shared-docker-ci-actionlint:20250119
1821
with:
1922
args: -color

.github/workflows/release-notes-reminder.yml

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,12 @@ name: Release Notes Reminder
22

33
on:
44
pull_request_target:
5-
types: [labeled]
5+
types:
6+
- labeled
7+
8+
permissions:
9+
packages: read
10+
pull-requests: write
611

712
jobs:
813
release-note-reminder:

.github/workflows/release-notes.yml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,11 @@ on:
1010
- .release-notes/next-release.md
1111
- .release-notes/\d+.\d+.\d+.md
1212

13+
permissions:
14+
packages: read
15+
pull-requests: read
16+
contents: write
17+
1318
jobs:
1419
release-notes:
1520
runs-on: ubuntu-latest

.github/workflows/remove-discuss-during-sync.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,9 @@ on:
88
types:
99
- closed
1010

11+
permissions:
12+
pull-requests: write
13+
1114
jobs:
1215
remove-label:
1316
runs-on: ubuntu-latest

0 commit comments

Comments
 (0)