diff --git a/.github/workflows/automerge_to_future.yml b/.github/workflows/automerge_to_future.yml index ea831a5dd..0274abc2d 100644 --- a/.github/workflows/automerge_to_future.yml +++ b/.github/workflows/automerge_to_future.yml @@ -1,6 +1,8 @@ name: Create PR to merge release branch into the main branch # At the end of a release cycle and the start of a new one, we may want to automatically forward all changes to the current branch (main) to the branch for the next release (future). # This workflow can be disabled earlier in the release cycle in the GitHub UI as described in https://docs.github.com/en/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/disabling-and-enabling-a-workflow +permissions: + contents: read on: schedule: - cron: '0 9 * * *' diff --git a/.github/workflows/automerge_to_main.yml b/.github/workflows/automerge_to_main.yml index ca18f8c4e..342c01a49 100644 --- a/.github/workflows/automerge_to_main.yml +++ b/.github/workflows/automerge_to_main.yml @@ -1,6 +1,8 @@ name: Create PR to merge release branch into the main branch # At the end of a release cycle, we may want to automatically include all changes to release branches on the main branch to avoid the need for cherry-picking changes back to release branches # This workflow can be disabled earlier in the release cycle in the GitHub UI as described in https://docs.github.com/en/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/disabling-and-enabling-a-workflow +permissions: + contents: read on: schedule: - cron: '0 9 * * *' diff --git a/.github/workflows/automerge_to_release.yml b/.github/workflows/automerge_to_release.yml index dbaf7394e..8b1503b72 100644 --- a/.github/workflows/automerge_to_release.yml +++ b/.github/workflows/automerge_to_release.yml @@ -1,6 +1,8 @@ name: Create PR to merge main into release branch # In the first period after branching the release branch, we typically want to include many changes from `main` in the release branch. This workflow automatically creates a PR every Monday to merge main into the release branch. # Later in the release cycle we should stop this practice to avoid landing risky changes by disabling this workflow. To do so, disable the workflow as described in https://docs.github.com/en/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/disabling-and-enabling-a-workflow +permissions: + contents: read on: schedule: - cron: '0 9 * * MON' diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 76a609c6f..6c35a298c 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -1,5 +1,8 @@ name: Pull request +permissions: + contents: read + on: pull_request: types: [opened, reopened, synchronize]