From 41ad6aaec44599ac39d4d88e167f652bd6c2c0e5 Mon Sep 17 00:00:00 2001 From: DJ Adams Date: Fri, 5 Jun 2026 09:57:28 +0000 Subject: [PATCH] add permissions to workflow --- .github/workflows/community-id-requester.yaml | 5 +++++ .github/workflows/disallowed-content-checks.yaml | 4 ++++ .github/workflows/markdown-checks.yaml | 3 +++ .github/workflows/merged-pr-labeler.yaml | 4 ++++ 4 files changed, 16 insertions(+) diff --git a/.github/workflows/community-id-requester.yaml b/.github/workflows/community-id-requester.yaml index 5e3bc6f..8f68f77 100644 --- a/.github/workflows/community-id-requester.yaml +++ b/.github/workflows/community-id-requester.yaml @@ -23,6 +23,11 @@ on: issues: types: [labeled] +permissions: + contents: read + issues: write + pull-requests: write + jobs: community-id-requester: diff --git a/.github/workflows/disallowed-content-checks.yaml b/.github/workflows/disallowed-content-checks.yaml index 3292d4b..e5001ff 100644 --- a/.github/workflows/disallowed-content-checks.yaml +++ b/.github/workflows/disallowed-content-checks.yaml @@ -22,6 +22,10 @@ on: pull_request_target: branches: [main] +permissions: + contents: read + pull-requests: write + jobs: main: runs-on: ubuntu-22.04 diff --git a/.github/workflows/markdown-checks.yaml b/.github/workflows/markdown-checks.yaml index ac6249d..6bf69a7 100644 --- a/.github/workflows/markdown-checks.yaml +++ b/.github/workflows/markdown-checks.yaml @@ -19,6 +19,9 @@ on: branches: [main] paths: 'docs/**' +permissions: + contents: read + jobs: main: if: contains(github.repositoryUrl, 'github.com') diff --git a/.github/workflows/merged-pr-labeler.yaml b/.github/workflows/merged-pr-labeler.yaml index 4b08df2..8cb397c 100644 --- a/.github/workflows/merged-pr-labeler.yaml +++ b/.github/workflows/merged-pr-labeler.yaml @@ -18,6 +18,10 @@ on: pull_request_target: types: [closed] +permissions: + contents: read + pull-requests: write + jobs: assign-label-on-merge: