From 74d6516cce9fa5865b6212b176856722c133449d Mon Sep 17 00:00:00 2001
From: Wei Ji <23487320+weiji14@users.noreply.github.com>
Date: Thu, 2 Oct 2025 15:18:38 +1300
Subject: [PATCH 1/2] Set write permissions for contents and pull-requests for
 dispatch events

Need permissions `contents: write` to execute repo dispatch event and for git to push, need `pull-requests: write` for peter-evans/slash-command-dispatch to create PR reaction
---
 .github/workflows/format-command.yml         | 6 ++++--
 .github/workflows/slash-command-dispatch.yml | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/format-command.yml b/.github/workflows/format-command.yml
index 887588baf79..59ff705ee8d 100644
--- a/.github/workflows/format-command.yml
+++ b/.github/workflows/format-command.yml
@@ -8,11 +8,13 @@ on:
   repository_dispatch:
     types: [format-command]
 
-permissions:
-  contents: write
+permissions: {}
 
 jobs:
   format:
+    permissions:
+      contents: write # for Git to git push
+      pull-requests: write # for peter-evans/create-or-update-comment to create PR reaction
     runs-on: ubuntu-latest
     steps:
       # Generate token from GenericMappingTools bot
diff --git a/.github/workflows/slash-command-dispatch.yml b/.github/workflows/slash-command-dispatch.yml
index f6ac62bab45..40ac1702fc7 100644
--- a/.github/workflows/slash-command-dispatch.yml
+++ b/.github/workflows/slash-command-dispatch.yml
@@ -10,11 +10,13 @@ on:
     # Add "edited" type for test purposes. Where possible, avoid using to prevent processing unnecessary events.
     # types: [created, edited]
 
-permissions:
-  issues: write
+permissions: {}
 
 jobs:
   slashCommandDispatch:
+    permissions:
+      contents: write # for executing the repository_dispatch event
+      pull-requests: write # for peter-evans/slash-command-dispatch to create PR reaction
     if: ${{ github.event.issue.pull_request }}
     runs-on: ubuntu-latest
     steps:

From 7302e240cd0c0bdbead6f78a71c590dff9e19bc2 Mon Sep 17 00:00:00 2001
From: Wei Ji <23487320+weiji14@users.noreply.github.com>
Date: Thu, 2 Oct 2025 15:28:11 +1300
Subject: [PATCH 2/2] Remove permissions for pull-requests on
 format-command.yml

Not needed since we don't set reactions after formatting anymore.
---
 .github/workflows/format-command.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/format-command.yml b/.github/workflows/format-command.yml
index 59ff705ee8d..121be2cb329 100644
--- a/.github/workflows/format-command.yml
+++ b/.github/workflows/format-command.yml
@@ -14,7 +14,6 @@ jobs:
   format:
     permissions:
       contents: write # for Git to git push
-      pull-requests: write # for peter-evans/create-or-update-comment to create PR reaction
     runs-on: ubuntu-latest
     steps:
       # Generate token from GenericMappingTools bot