add now necessary permissions to github action jobs using labels/issues

rust-lang · Sep 23, 2024 · 4b830ac · 4b830ac
1 parent ffa296e
commit 4b830ac
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 0 deletions.
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
@@ -10,6 +10,10 @@ on:
   schedule:
     - cron: "0 0 * * *"
 
+permissions:
+  contents: read
+  issues: write
+
 jobs:
   security_audit:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/on-pr-review-approve.yml b/.github/workflows/on-pr-review-approve.yml
@@ -2,6 +2,10 @@ on:
   pull_request_review:
     types: [submitted]
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   update-labels:
     if: github.event.review.state == 'approved'

diff --git a/.github/workflows/on-pr-review-submit.yml b/.github/workflows/on-pr-review-submit.yml
@@ -2,6 +2,10 @@ on:
   pull_request_review:
     types: [submitted]
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   update-labels:
     if: github.event.review.state == 'changes_requested'

diff --git a/.github/workflows/tag-merged-pr.yml b/.github/workflows/tag-merged-pr.yml
@@ -4,6 +4,10 @@ on:
       - master
     types: [closed]
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   update-labels:
     if: ${{ github.event.pull_request.merged }}

diff --git a/.github/workflows/tag-new-pr.yml b/.github/workflows/tag-new-pr.yml
@@ -4,6 +4,10 @@ on:
       - master
     types: [opened, reopened, review_requested]
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   update-labels:
     runs-on: ubuntu-latest