From efb443cdbbc3e60efcb233e3667f4f9d1b713d64 Mon Sep 17 00:00:00 2001 From: "Sean T. Allen" Date: Mon, 9 Feb 2026 08:58:21 -0500 Subject: [PATCH] Add missing permissions to GitHub Actions workflows --- .github/workflows/announce-a-release.yml | 4 ++++ .github/workflows/breakage-against-ponyc-latest.yml | 3 +++ .github/workflows/pr.yml | 3 +++ .github/workflows/prepare-for-a-release.yml | 4 ++++ 4 files changed, 14 insertions(+) diff --git a/.github/workflows/announce-a-release.yml b/.github/workflows/announce-a-release.yml index e9f9293..e7bb0fa 100644 --- a/.github/workflows/announce-a-release.yml +++ b/.github/workflows/announce-a-release.yml @@ -7,6 +7,10 @@ on: concurrency: announce-a-release +permissions: + packages: read + contents: write + jobs: announce: name: Announcements diff --git a/.github/workflows/breakage-against-ponyc-latest.yml b/.github/workflows/breakage-against-ponyc-latest.yml index ca67971..045e734 100644 --- a/.github/workflows/breakage-against-ponyc-latest.yml +++ b/.github/workflows/breakage-against-ponyc-latest.yml @@ -5,6 +5,9 @@ on: types: - shared-docker-builders-updated +permissions: + packages: read + jobs: vs-latest-ponyc: name: Verify main against the latest ponyc diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 4259a48..a17ebe1 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -6,6 +6,9 @@ concurrency: group: pr-${{ github.ref }} cancel-in-progress: true +permissions: + packages: read + jobs: superlinter: name: Lint bash, docker, markdown, and yaml diff --git a/.github/workflows/prepare-for-a-release.yml b/.github/workflows/prepare-for-a-release.yml index 93ce4a1..564b19f 100644 --- a/.github/workflows/prepare-for-a-release.yml +++ b/.github/workflows/prepare-for-a-release.yml @@ -7,6 +7,10 @@ on: concurrency: prepare-for-a-release +permissions: + packages: read + contents: write + jobs: # all tasks that need to be done before we add an X.Y.Z tag # should be done as a step in the pre-tagging job.