From 5ebe38a6f45f2e3c4708e28f74f389615421d06f Mon Sep 17 00:00:00 2001 From: saan800 Date: Mon, 1 Jun 2026 22:49:51 +0800 Subject: [PATCH 1/3] chore: github permissions --- .github/workflows/dotnet-package-pr.yml | 4 +++- .github/workflows/dotnet-pr.yml | 2 +- .github/workflows/example-pr.yml | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/dotnet-package-pr.yml b/.github/workflows/dotnet-package-pr.yml index 56e2c30..b5995de 100644 --- a/.github/workflows/dotnet-package-pr.yml +++ b/.github/workflows/dotnet-package-pr.yml @@ -67,7 +67,7 @@ permissions: jobs: ci-cd: permissions: - contents: write + contents: read packages: write pull-requests: write uses: ./.github/workflows/_dotnet-build-test-pack-publish-nuget.yml @@ -104,6 +104,8 @@ jobs: secrets: inherit dependency-review: + permissions: + contents: read uses: ./.github/workflows/_dependency-review.yml with: harden-runner-policy: ${{ inputs.harden-runner-policy }} diff --git a/.github/workflows/dotnet-pr.yml b/.github/workflows/dotnet-pr.yml index 607bad4..6131a21 100644 --- a/.github/workflows/dotnet-pr.yml +++ b/.github/workflows/dotnet-pr.yml @@ -59,7 +59,7 @@ on: permissions: actions: read - contents: write + contents: read pull-requests: write security-events: write diff --git a/.github/workflows/example-pr.yml b/.github/workflows/example-pr.yml index 4a277ba..7a3348a 100644 --- a/.github/workflows/example-pr.yml +++ b/.github/workflows/example-pr.yml @@ -21,7 +21,7 @@ jobs: dotnet-package-pr: permissions: actions: read - contents: write + contents: read packages: write pull-requests: write security-events: write @@ -37,7 +37,7 @@ jobs: dotnet-minimal-web-api-pr: permissions: actions: read - contents: write + contents: read pull-requests: write security-events: write uses: ./.github/workflows/dotnet-pr.yml From 41f2b8506e9a2fbaa35d2242d9d5ec14b7c24d46 Mon Sep 17 00:00:00 2001 From: saan800 Date: Mon, 1 Jun 2026 22:51:56 +0800 Subject: [PATCH 2/3] chore: github permissions --- .github/workflows/dotnet-package-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dotnet-package-pr.yml b/.github/workflows/dotnet-package-pr.yml index b5995de..f270c80 100644 --- a/.github/workflows/dotnet-package-pr.yml +++ b/.github/workflows/dotnet-package-pr.yml @@ -59,7 +59,7 @@ on: permissions: actions: read - contents: write + contents: read packages: write pull-requests: write security-events: write From bb179080ede21193672556c0729b90eb36b4fd30 Mon Sep 17 00:00:00 2001 From: saan800 Date: Mon, 1 Jun 2026 22:54:37 +0800 Subject: [PATCH 3/3] chore: github permissions --- .github/workflows/dotnet-package-pr.yml | 4 ++-- .github/workflows/example-pr.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/dotnet-package-pr.yml b/.github/workflows/dotnet-package-pr.yml index f270c80..3a2a34e 100644 --- a/.github/workflows/dotnet-package-pr.yml +++ b/.github/workflows/dotnet-package-pr.yml @@ -59,7 +59,7 @@ on: permissions: actions: read - contents: read + contents: write packages: write pull-requests: write security-events: write @@ -67,7 +67,7 @@ permissions: jobs: ci-cd: permissions: - contents: read + contents: write packages: write pull-requests: write uses: ./.github/workflows/_dotnet-build-test-pack-publish-nuget.yml diff --git a/.github/workflows/example-pr.yml b/.github/workflows/example-pr.yml index 7a3348a..29fc04f 100644 --- a/.github/workflows/example-pr.yml +++ b/.github/workflows/example-pr.yml @@ -12,7 +12,7 @@ on: permissions: actions: read - contents: read + contents: write packages: write pull-requests: write security-events: write @@ -21,7 +21,7 @@ jobs: dotnet-package-pr: permissions: actions: read - contents: read + contents: write packages: write pull-requests: write security-events: write