From d6df4fbb5d2591deef502e74366bdf76971ce280 Mon Sep 17 00:00:00 2001
From: chris48s <chris48s@users.noreply.github.com>
Date: Thu, 5 May 2022 18:45:08 +0100
Subject: [PATCH] chore: Set permissions for GitHub actions (#7928)
Co-authored-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
---
.github/workflows/create-release.yml | 3 +++
.github/workflows/deploy-docs.yml | 4 ++++
.github/workflows/draft-release.yml | 4 ++++
.github/workflows/enforce-dependency-review.yml | 3 ---
4 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
index cae2e59595..21bc39202c 100644
--- a/.github/workflows/create-release.yml
+++ b/.github/workflows/create-release.yml
@@ -4,6 +4,9 @@ on:
pull_request:
types: [closed]
+permissions:
+ contents: write
+
jobs:
create-release:
if: |
diff --git a/.github/workflows/deploy-docs.yml b/.github/workflows/deploy-docs.yml
index 83f6635907..7f361d42d0 100644
--- a/.github/workflows/deploy-docs.yml
+++ b/.github/workflows/deploy-docs.yml
@@ -3,6 +3,10 @@ on:
push:
branches:
- master
+
+permissions:
+ contents: write
+
jobs:
build-and-deploy:
runs-on: ubuntu-latest
diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml
index 094a8821ce..fca619cd26 100644
--- a/.github/workflows/draft-release.yml
+++ b/.github/workflows/draft-release.yml
@@ -5,6 +5,10 @@ on:
# At 01:00 on the first day of every month
workflow_dispatch:
+permissions:
+ pull-requests: write
+ contents: write
+
jobs:
build:
runs-on: ubuntu-latest
diff --git a/.github/workflows/enforce-dependency-review.yml b/.github/workflows/enforce-dependency-review.yml
index f2605b7a7e..6bb0bd7593 100644
--- a/.github/workflows/enforce-dependency-review.yml
+++ b/.github/workflows/enforce-dependency-review.yml
@@ -1,9 +1,6 @@
name: 'Dependency Review'
on: [pull_request]
-permissions:
- contents: read
-
jobs:
dependency-review:
runs-on: ubuntu-latest
--
GitLab