diff --git a/.github/workflows/branch.yml b/.github/workflows/branch.yml index 31e624ed..1a9dc9b0 100644 --- a/.github/workflows/branch.yml +++ b/.github/workflows/branch.yml @@ -4,6 +4,8 @@ name: Branch Checks on: pull_request: +permissions: {} + jobs: target_branch: name: PR targets branch diff --git a/.github/workflows/codeowners.yml b/.github/workflows/codeowners.yml index ed9ba265..6039421d 100644 --- a/.github/workflows/codeowners.yml +++ b/.github/workflows/codeowners.yml @@ -7,6 +7,8 @@ on: - 'CODEOWNERS' - 'CODEOWNERS.in' +permissions: {} + jobs: updated: name: Up-to-date diff --git a/.github/workflows/dependent-issues.yml b/.github/workflows/dependent-issues.yml index 91bde50c..aec23b74 100644 --- a/.github/workflows/dependent-issues.yml +++ b/.github/workflows/dependent-issues.yml @@ -19,6 +19,11 @@ on: schedule: - cron: '0 0/6 * * *' # every 6 hours +permissions: + issues: write + pull-requests: write + statuses: write + jobs: check: name: Check Dependencies diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index e3e75acc..612a580b 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -4,6 +4,8 @@ name: End to End Tests on: pull_request: +permissions: {} + jobs: e2e: name: E2E diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index 7892a07b..c951d3ad 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -4,6 +4,8 @@ name: Linting on: pull_request: +permissions: {} + jobs: apply-suggestions-commits: name: 'No "Apply suggestions from code review" Commits' diff --git a/.github/workflows/periodic.yml b/.github/workflows/periodic.yml index c6b76a7a..6e65df53 100644 --- a/.github/workflows/periodic.yml +++ b/.github/workflows/periodic.yml @@ -5,6 +5,8 @@ on: schedule: - cron: "0 0 * * 0" +permissions: {} + jobs: markdown-link-check-periodic: name: Markdown Links (all files) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6e91362c..3e4a5dfa 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,6 +8,12 @@ on: paths: - 'releases/**' +permissions: + contents: write + packages: write + pull-requests: write + issues: write + jobs: release: name: Release diff --git a/.github/workflows/validation.yml b/.github/workflows/validation.yml index cd31ccd8..761e9dda 100644 --- a/.github/workflows/validation.yml +++ b/.github/workflows/validation.yml @@ -4,6 +4,8 @@ name: Validation on: pull_request: +permissions: {} + jobs: yamls: name: Release YAMLs