From 91ab1fcaf234aea4a5b5940b43de4e90c1b7ce66 Mon Sep 17 00:00:00 2001
From: Ismo Vuorinen
Date: Wed, 29 Jan 2025 11:27:39 +0200
Subject: [PATCH] fix(ci): permissions
---
 .github/workflows/pr-lint.yml | 6 ++++++
 .github/workflows/release-drafter.yml | 7 ++++++-
 .github/workflows/stale.yml | 9 ++++++---
 .github/workflows/static.yml | 2 ++
 .github/workflows/sync-labels.yml | 9 ++++++---
 5 files changed, 26 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml
index 36b989c..002a522 100644
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 name: PR Lint
 on:
@@ -11,3 +12,8 @@ on:
 jobs:
 SuperLinter:
 uses: ivuorinen/.github/.github/workflows/pr-lint.yml@main
+ permissions:
+ contents: read
+ packages: read
+ statuses: write
+
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
index 3b3945d..a0b46e4 100644
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -1,10 +1,15 @@
 ---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 name: Release Drafter
-# yamllint disable-line rule:truthy
 on:
 workflow_call:
 jobs:
 Draft:
 uses: ivuorinen/.github/.github/workflows/sync-labels.yml@main
+ permissions:
+ contents: write
+ statuses: write
+ packages: read
+
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 6792e51..5c0c679 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -1,7 +1,7 @@
 ---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 name: Stale
-# yamllint disable-line rule:truthy
 on:
 schedule:
 - cron: '0 8 * * *'
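Review bot: The new job-level block in pr-lint.yml grants `statuses: write` to a reusable workflow that is referenced by the mutable ref `@main`, so whatever lands on that branch of `ivuorinen/.github` next runs with this token. Pinning the call to a full commit SHA, `uses: ivuorinen/.github/.github/workflows/pr-lint.yml@<full-commit-sha>`, makes the permissions granted here apply to reviewed code only. The same applies to the `@main` calls in release-drafter.yml, stale.yml and sync-labels.yml, two of which receive `contents: write`. The workflow's triggers sit between the two pr-lint.yml hunks and are not visible, so how exposed this job is to outside pull requests cannot be judged from here.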
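Review bot: The `Draft` job in release-drafter.yml still calls `ivuorinen/.github/.github/workflows/sync-labels.yml@main`, and the added block gives that call `contents: write` and `statuses: write` but not `issues: write`. The sync-labels.yml hunk of this same patch gives the identical reusable workflow `issues: write`, `contents: read` and `statuses: read`, so one of the two callers is presumably wrong. If the `uses:` line is a copy-paste leftover, point it at the release-drafter reusable workflow (`uses: ivuorinen/.github/.github/workflows/<release-drafter-workflow>.yml@<ref>`, placeholder path); if it is intended, reduce the block to what sync-labels needs. As written, a label-sync workflow would get write access to repository contents that it does not appear to use.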
@@ -10,8 +10,11 @@ on:
 jobs:
 stale:
+ uses: ivuorinen/.github/.github/workflows/stale.yml@main
 permissions:
- contents: write
+ contents: write # only for delete-branch option
 issues: write
 pull-requests: write
- uses: ivuorinen/.github/.github/workflows/stale.yml@main
+ statuses: read
+ packages: read
+
diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml
index d387756..c630a92 100644
--- a/.github/workflows/static.yml
+++ b/.github/workflows/static.yml
@@ -1,3 +1,5 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 # Simple workflow for deploying static content to GitHub Pages
 name: Deploy static content to Pages
diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml
index d1147ea..4c0d43a 100644
--- a/.github/workflows/sync-labels.yml
+++ b/.github/workflows/sync-labels.yml
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 name: Sync labels
 # yamllint disable-line rule:truthy
@@ -13,9 +14,11 @@ on:
 workflow_call:
 workflow_dispatch:
-permissions:
- issues: write
-
 jobs:
 SyncLabels:
 uses: ivuorinen/.github/.github/workflows/sync-labels.yml@main
+ permissions:
+ issues: write
+ contents: read
+ statuses: read
+
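Review bot: `statuses: read` and `packages: read` are added to the `stale` job without a stated reason, while `contents: write` right above them is explained. If they exist only because the called workflow declares them, note that on the line, e.g. `statuses: read # declared by the called stale.yml`; if nothing needs them, leave them out, since unlisted scopes default to `none` once a `permissions:` block is present. For `contents: write`, the comment ties it to the delete-branch option, which this hunk does not show being enabled; `contents: read` is enough when it is off.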
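Review bot: Removing the workflow-level `permissions:` block from sync-labels.yml leaves the file without a default, so a job added later without its own block gets the repository's default token permissions. Keeping a restrictive default next to the new job-level block closes that gap: `permissions: {}` at top level, with the `SyncLabels` job's block overriding it. `contents: read` and `statuses: read` are new compared with the removed block (`issues: write` only); a short comment on why the called workflow needs them would help. pr-lint.yml and release-drafter.yml show no workflow-level block in their hunks either, though parts of pr-lint.yml are outside the diff.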