From c0ccbf5c3a0b2b540440b4983a6a236832d29146 Mon Sep 17 00:00:00 2001
From: Asgeir Melling
Date: Wed, 15 Oct 2025 09:39:10 +0200
Subject: [PATCH 1/2] chore: add permissions to pipelines
---
 .github/workflows/build.yml | 3 +++
 .github/workflows/docs.yaml | 3 +++
 .github/workflows/lint.yml | 3 +++
 .github/workflows/on-pr-to-main.yml | 4 ++++
 .github/workflows/on-push-any-branch.yml | 3 +++
 .github/workflows/on-push-main-branch.yml | 3 +++
 .github/workflows/publish.yml | 3 +++
 .github/workflows/release-please.yml | 6 ++++++
 8 files changed, 28 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 33bbd45f..af744085 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,5 +1,8 @@
 name: "๐Ÿงช Build & test code"
+permissions:
+ contents: read
+
 on:
 workflow_dispatch:
 workflow_call:
diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml
index 32705730..c62c822a 100644
--- a/.github/workflows/docs.yaml
+++ b/.github/workflows/docs.yaml
@@ -1,5 +1,8 @@
 name: "๐Ÿ“š Publish Docs"
+permissions:
+ contents: write
+
 on:
 # Workflow dispatch is used for manual triggers
 workflow_dispatch:
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index d3c973ca..50398795 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -1,5 +1,8 @@
 name: '๐Ÿ’Ž Code quality'
+permissions:
+ contents: read
+
 on:
 workflow_dispatch:
 workflow_call:
diff --git a/.github/workflows/on-pr-to-main.yml b/.github/workflows/on-pr-to-main.yml
index 83cc304d..745e60bd 100644
--- a/.github/workflows/on-pr-to-main.yml
+++ b/.github/workflows/on-pr-to-main.yml
@@ -1,5 +1,9 @@
 name: 'โž• Pull Request'
+permissions:
+ contents: read
+ pull-requests: write
+
 on:
 pull_request:
 types:
diff --git a/.github/workflows/on-push-any-branch.yml b/.github/workflows/on-push-any-branch.yml
index 125edb1b..50a4389a 100644
--- a/.github/workflows/on-push-any-branch.yml
+++ b/.github/workflows/on-push-any-branch.yml
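Review bot: In `.github/workflows/docs.yaml` the new block grants `contents: write` at workflow level, so every job in the file gets a token that can push to the repository, not only the step that publishes the docs. The jobs lie outside this hunk, so this needs confirming against them: keep the top level at `contents: read` and put `permissions:` with `contents: write` on the publishing job alone. The same applies to the workflow-level write scopes added in `on-push-main-branch.yml` and `release-please.yml`.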
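Review bot: In `.github/workflows/on-pr-to-main.yml`, `pull-requests: write` is granted to every job started by the `pull_request` trigger, and nothing in the hunk says which job needs it. A comment such as `# pull-requests: write is needed by <job that comments on or labels the PR>` would make the grant auditable, and the scope is better declared on that job only. By default GitHub also reduces the token to read-only for pull requests from forks regardless of this block, so a step relying on the write scope will fail there; it is safer to skip that step for fork PRs than to move the workflow to a more privileged trigger. The jobs themselves are outside the hunk.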
@@ -1,5 +1,8 @@
 name: 'โœจ On push to any branch'
+permissions:
+ contents: read
+
 on:
 push:
 branches:
diff --git a/.github/workflows/on-push-main-branch.yml b/.github/workflows/on-push-main-branch.yml
index 74404808..66977173 100644
--- a/.github/workflows/on-push-main-branch.yml
+++ b/.github/workflows/on-push-main-branch.yml
@@ -5,6 +5,9 @@ on:
 branches:
 - main
+permissions:
+ contents: write
+
 jobs:
 publish-docs:
 name: '๏ธโ€๐Ÿ“š๏ธ Publish Docs'
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 8dc6cd01..ffc6705d 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -1,5 +1,8 @@
 name: ๐Ÿš€ Upload Python Package
+permissions:
+ contents: read
+
 on:
 workflow_dispatch:
 workflow_call:
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
index 691797b5..1e49ae4c 100644
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@@ -1,4 +1,10 @@
 name: ๐ŸŽ‰ Release Please
+
+permissions:
+ contents: write
+ issues: write
+ pull-requests: write
+
 on:
 push:
 branches:
From fb079547bee989f0bdad50dd37a8f2db5a1315b3 Mon Sep 17 00:00:00 2001
From: Asgeir Melling
Date: Wed, 15 Oct 2025 09:41:39 +0200
Subject: [PATCH 2/2] chore: wip
---
 .github/workflows/on-pr-to-main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/on-pr-to-main.yml b/.github/workflows/on-pr-to-main.yml
index 745e60bd..bd2065d1 100644
--- a/.github/workflows/on-pr-to-main.yml
+++ b/.github/workflows/on-pr-to-main.yml
@@ -3,7 +3,7 @@ name: 'โž• Pull Request'
 permissions:
 contents: read
 pull-requests: write
-
+
 on:
 pull_request:
 types:
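Review bot: In `.github/workflows/on-push-main-branch.yml` the new block is also the ceiling for every reusable workflow this file calls, because a called workflow can keep or reduce the caller's token permissions but never raise them. With only `contents: write` listed, every other scope is `none`, so a called workflow that declares more (for example the `issues: write` and `pull-requests: write` in `release-please.yml`, if it is invoked from here) cannot be granted them. Only the `publish-docs` job header is visible in the hunk, so each `uses:` job should be checked against this list. The block also sits after `on:` in this file and before it in the other seven; one position throughout would make the grants easier to audit.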
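Review bot: In `.github/workflows/publish.yml`, listing only `contents: read` sets every unlisted scope to `none`, and that includes `id-token`. The upload steps are outside the hunk; if the package is published through OIDC trusted publishing rather than a stored API token, the publish job needs a `permissions:` entry with `id-token: write`, preferably on that job only, and because this is a `workflow_call` workflow the caller has to grant it as well. If a long-lived token secret is used instead, a one-line comment above the block saying so would explain why no further scope is listed.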