From 8c1beb34b9e61708aa9e4cc55a73c067618e4e8b Mon Sep 17 00:00:00 2001 From: Ismo Vuorinen Date: Mon, 2 Sep 2024 15:04:09 +0300 Subject: [PATCH] fix(workflows): revert permissions to read-all --- .github/workflows/composer-install.yml | 2 +- .github/workflows/compress-images.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/laravel-phpunit.yml | 2 +- .github/workflows/pr-compress-images.yml | 2 +- .github/workflows/pr-lint.yml | 2 +- .github/workflows/release-drafter.yml | 2 +- .github/workflows/release-monthly.yaml | 2 +- .github/workflows/reviewdog-linters.yml | 2 +- .github/workflows/stale.yml | 2 +- .github/workflows/sync-labels-to-own-projects.yml | 2 +- .github/workflows/sync-labels.yml | 15 +-------------- 12 files changed, 12 insertions(+), 25 deletions(-) diff --git a/.github/workflows/composer-install.yml b/.github/workflows/composer-install.yml index ba06998..e634277 100644 --- a/.github/workflows/composer-install.yml +++ b/.github/workflows/composer-install.yml @@ -8,7 +8,7 @@ on: - "composer.json" - "composer.lock" -permissions: {} +permissions: read-all jobs: ComposerInstall: diff --git a/.github/workflows/compress-images.yml b/.github/workflows/compress-images.yml index 3691caf..1a0d493 100644 --- a/.github/workflows/compress-images.yml +++ b/.github/workflows/compress-images.yml @@ -8,7 +8,7 @@ on: schedule: - cron: "00 23 * * 0" -permissions: {} +permissions: read-all jobs: CompressOnDemandOrSchedule: diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index c30c106..cff4cf5 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -12,7 +12,7 @@ name: "Dependency Review" on: [pull_request] -permissions: {} +permissions: read-all jobs: dependency-review: diff --git a/.github/workflows/laravel-phpunit.yml b/.github/workflows/laravel-phpunit.yml index d493fd9..171cbd1 100644 --- a/.github/workflows/laravel-phpunit.yml +++ b/.github/workflows/laravel-phpunit.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main] -permissions: {} +permissions: read-all jobs: laravel-tests: diff --git a/.github/workflows/pr-compress-images.yml b/.github/workflows/pr-compress-images.yml index 065b5c9..f7fad4b 100644 --- a/.github/workflows/pr-compress-images.yml +++ b/.github/workflows/pr-compress-images.yml @@ -11,7 +11,7 @@ on: - "**.png" - "**.webp" -permissions: {} +permissions: read-all jobs: CompressInPR: diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml index 91c62f8..f014848 100644 --- a/.github/workflows/pr-lint.yml +++ b/.github/workflows/pr-lint.yml @@ -24,7 +24,7 @@ on: pull_request: branches: [master, main] -permissions: {} +permissions: read-all ############### # Set the Job # diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index 421ff8d..c479362 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -4,7 +4,7 @@ name: Release Drafter on: workflow_call: -permissions: {} +permissions: read-all jobs: update_release_draft: diff --git a/.github/workflows/release-monthly.yaml b/.github/workflows/release-monthly.yaml index fa419d6..1597095 100644 --- a/.github/workflows/release-monthly.yaml +++ b/.github/workflows/release-monthly.yaml @@ -7,7 +7,7 @@ on: schedule: - cron: "0 0 1 * *" # 1st of every month at midnight -permissions: {} +permissions: read-all jobs: release: diff --git a/.github/workflows/reviewdog-linters.yml b/.github/workflows/reviewdog-linters.yml index b8c890c..8aaaddb 100644 --- a/.github/workflows/reviewdog-linters.yml +++ b/.github/workflows/reviewdog-linters.yml @@ -3,7 +3,7 @@ name: Reviewdog Linters on: [pull_request] -permissions: {} +permissions: read-all jobs: linters: diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 3e79137..db410d4 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -7,7 +7,7 @@ on: workflow_call: workflow_dispatch: -permissions: {} +permissions: read-all jobs: stale: diff --git a/.github/workflows/sync-labels-to-own-projects.yml b/.github/workflows/sync-labels-to-own-projects.yml index abf1f01..87f2048 100644 --- a/.github/workflows/sync-labels-to-own-projects.yml +++ b/.github/workflows/sync-labels-to-own-projects.yml @@ -12,7 +12,7 @@ on: schedule: - cron: "0 0 * * *" # Every day at midnight -permissions: {} +permissions: read-all jobs: sync-labels: diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 1be8d0e..1aee1de 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -13,7 +13,7 @@ on: workflow_call: workflow_dispatch: -permissions: {} +permissions: read-all jobs: labels: @@ -21,19 +21,6 @@ jobs: runs-on: ubuntu-latest permissions: issues: write - actions: read - attestations: read - checks: read - contents: read - deployments: read - discussions: read - packages: read - pages: read - pull-requests: read - repository-projects: read - statuses: read - security-events: read - id-token: read steps: - name: ⤵️ Download latest labels definitions run: |