diff --git a/.github/workflows/auto-assign.yml b/.github/workflows/auto-assign.yml index c32ac1fc..dcc64790 100644 --- a/.github/workflows/auto-assign.yml +++ b/.github/workflows/auto-assign.yml @@ -1,6 +1,9 @@ name: 'Auto Assign' on: pull_request +permissions: + pull-requests: write + jobs: add-reviews: runs-on: ubuntu-latest diff --git a/.github/workflows/functional-test-clean-up.yml b/.github/workflows/functional-test-clean-up.yml index cc5a9729..e33ce7e3 100644 --- a/.github/workflows/functional-test-clean-up.yml +++ b/.github/workflows/functional-test-clean-up.yml @@ -5,6 +5,9 @@ on: schedule: - cron: '15 7 * * *' +permissions: + contents: read + jobs: build: diff --git a/.github/workflows/functional-test.yml b/.github/workflows/functional-test.yml index b8a22dfb..63ad2756 100644 --- a/.github/workflows/functional-test.yml +++ b/.github/workflows/functional-test.yml @@ -5,6 +5,9 @@ on: paths-ignore: - '**.md' +permissions: + contents: read + jobs: build: if: "!contains(github.event.head_commit.message, 'chore(release):')" diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml index e55be7e3..f846395b 100644 --- a/.github/workflows/integration-test.yml +++ b/.github/workflows/integration-test.yml @@ -11,6 +11,9 @@ on: paths-ignore: - '**.md' +permissions: + contents: read + jobs: build: runs-on: ${{ matrix.os }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b59afd8f..120e0211 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,6 +5,9 @@ on: release: types: [published] +permissions: + contents: read + jobs: build: runs-on: ubuntu-latest diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml index 286f473f..c0e274cf 100644 --- a/.github/workflows/unit-test.yml +++ b/.github/workflows/unit-test.yml @@ -11,6 +11,9 @@ on: paths-ignore: - '**.md' +permissions: + contents: read + jobs: build: runs-on: ${{ matrix.os }}