From 4fcbdee1b1b18e65d4aedfa5d446389267153c45 Mon Sep 17 00:00:00 2001 From: "Andrew W. Harn" Date: Fri, 6 Sep 2024 13:21:22 -0400 Subject: [PATCH] Update workflows permissions to be more correct Signed-off-by: Andrew W. Harn --- .github/workflows/deploy-preview.yml | 5 +++++ .github/workflows/pr-comment-trigger.yml | 3 +++ .github/workflows/pull-request-checker.yml | 3 +++ 3 files changed, 11 insertions(+) diff --git a/.github/workflows/deploy-preview.yml b/.github/workflows/deploy-preview.yml index a11416f1c9..4119744de3 100644 --- a/.github/workflows/deploy-preview.yml +++ b/.github/workflows/deploy-preview.yml @@ -5,6 +5,11 @@ on: workflows: ["Build docs site"] types: [completed] +permissions: + deployments: write + pull-requests: write + statuses: write + jobs: deploy: if: ${{ github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success' }} diff --git a/.github/workflows/pr-comment-trigger.yml b/.github/workflows/pr-comment-trigger.yml index cd925573bc..15d05b1a47 100644 --- a/.github/workflows/pr-comment-trigger.yml +++ b/.github/workflows/pr-comment-trigger.yml @@ -5,6 +5,9 @@ on: types: - created +permissions: + issues: write + jobs: pr-comment: runs-on: ubuntu-latest diff --git a/.github/workflows/pull-request-checker.yml b/.github/workflows/pull-request-checker.yml index d85e5cb2e4..ab167f298f 100644 --- a/.github/workflows/pull-request-checker.yml +++ b/.github/workflows/pull-request-checker.yml @@ -8,6 +8,9 @@ on: - anax-test-branch # TODO Delete this line before merging PR types: [opened, reopened, edited, labeled] +permissions: + pull-requests: write + jobs: initial-comment: name: PR Instructions