diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
index 3a0c4936c..f4fbb831e 100644
--- a/.github/workflows/dev.yml
+++ b/.github/workflows/dev.yml
@@ -12,6 +12,9 @@ jobs:
 if: ${{ github.event_name == 'workflow_dispatch' || contains(github.event.pull_request.labels.*.name, 'run-dev-build') }}
 name: Prepare build
 runs-on: [ "ubuntu-20.04" ]
+ permissions:
+ contents: read
+ pull-requests: read
 outputs:
 version_main: ${{ steps.version_main.outputs.version_main }}
 version_dev: ${{ steps.version_dev.outputs.version_dev }}${{ steps.version_pr.outputs.version_pr }}
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
index b4865d078..607e1d234 100644
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -8,6 +8,9 @@ on:
 jobs:
 update_release_draft:
+ permissions:
+ contents: write # for release-drafter/release-drafter to create a github release
+ pull-requests: read # for release-drafter/release-drafter to read PR content and labels
 runs-on: ubuntu-latest
 steps:
 - uses: release-drafter/release-drafter@v5
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 56ee9362e..223914568 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -44,6 +44,8 @@ jobs:
 return { "board": boards }
 build:
+ permissions:
+ contents: write # for actions/upload-release-asset to upload release asset
 name: Release build for ${{ matrix.board.id }}
 needs: validate_release
 strategy:
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index ff356e391..d38331260 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -8,6 +8,9 @@ on:
 jobs:
 stale:
+ permissions:
+ issues: write # for actions/stale to close stale issues
+ pull-requests: write # for actions/stale to close stale PRs
 runs-on: ubuntu-latest
 steps:
 # The 90 day stale policy
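Review bot: In `.github/workflows/dev.yml` the new `permissions:` block is scoped to the "Prepare build" job only, so any other job in the file still receives the repository's default `GITHUB_TOKEN` scopes unless a workflow-level block exists outside this hunk. A top-level `permissions: {}` (or `contents: read`) would make least privilege the default and leave the per-job blocks as explicit opt-ins. The same applies to `release.yml`, where only `build` gets a block and `validate_release` is not touched by this commit. Unlike the other three files, the two entries here carry no rationale; a trailing comment naming the step that needs each scope would let a later reviewer tell whether `pull-requests: read` is still required. The job body continues past the end of the hunk.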
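Review bot: In `.github/workflows/release-drafter.yml` the job now declares `contents: write`, and that token is handed to `release-drafter/release-drafter@v5`, which is referenced by a mutable tag. If the tag is ever moved, the new code runs with write access to repository contents. Pinning the reference to a full commit SHA, `- uses: release-drafter/release-drafter@<full-commit-sha> # v5`, keeps the granted scope tied to reviewed code. The `on:` triggers are outside the hunk, so it is worth confirming that this job cannot be started from an untrusted pull-request context.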
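Review bot: In `.github/workflows/release.yml` the `contents: write` grant sits at job level on the matrix `build` job, so every step of every matrix leg runs with a write-capable token, not only the `actions/upload-release-asset` step named in the comment. The build steps themselves are outside the hunk, but if they run project scripts or third-party tooling, those share the write token. Consider keeping `contents: read` on `build` and moving the upload into a follow-up job that alone carries `contents: write`. At minimum the comment could say the scope applies to the whole job: `contents: write # whole job; needed only by actions/upload-release-asset`.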