.github/workflows/: set token permissions #37810
Merged
Testing the changes
closes #37612
requires changing the default workflow permissions in the repository settings to:
The default permissions are read-only, which works fine for the build/PR CI workflow. Cycles needed write access to issues to create them if a cycle is detected. Stale needs write access to issues and pull requests, as is documented upstream. This is safe because both those workflows should only run on master.
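A sketch of the permission layout the description refers to, as an added example that is not taken from this pull request or the project's workflow files. The workflow name, schedule and action version are assumptions.

```yaml
# Hypothetical stale workflow (constructed for illustration).
name: stale

on:
  schedule:                  # scheduled runs execute only on the default branch
    - cron: "0 0 * * *"

# Workflow-level baseline: read-only. Once a permissions block is present,
# every scope not listed in it is set to none for GITHUB_TOKEN.
permissions:
  contents: read

jobs:
  stale:
    runs-on: ubuntu-latest
    # Job-level block replaces the workflow-level one for this job, so the
    # token carries only the two write scopes needed to label, comment on
    # and close issues and pull requests.
    permissions:
      issues: write
      pull-requests: write
    steps:
      - uses: actions/stale@v9
```

A job that only opens an issue when a cycle is detected would keep `issues: write` and drop `pull-requests: write`.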