From 7c01254c5a68439612648645f3618d1a511a340d Mon Sep 17 00:00:00 2001
From: "Sean T. Allen" <sean@seantallen.com>
Date: Sun, 26 Jan 2025 15:21:37 +0000
Subject: [PATCH] Add minimal permissions to some actions workflows

---
 .github/workflows/prepare-for-a-release.yml | 4 ++++
 .github/workflows/release-notes.yml | 4 ++++
 .github/workflows/release.yml | 4 ++++
 3 files changed, 12 insertions(+)

diff --git a/.github/workflows/prepare-for-a-release.yml b/.github/workflows/prepare-for-a-release.yml
index c1debd97..d18e025d 100644
--- a/.github/workflows/prepare-for-a-release.yml
+++ b/.github/workflows/prepare-for-a-release.yml
@@ -6,6 +6,10 @@ on:

 concurrency: prepare-for-a-release

+permissions:
+ packages: read
+ contents: write
+
 jobs:
 # all tasks that need to be done before we add an X.Y.Z tag
 # should be done as a step in the pre-tagging job.
diff --git a/.github/workflows/release-notes.yml b/.github/workflows/release-notes.yml
index c358cfbe..0f9e100c 100644
--- a/.github/workflows/release-notes.yml
+++ b/.github/workflows/release-notes.yml
@@ -10,6 +10,10 @@ on:
 - .release-notes/next-release.md
 - .release-notes/\d+.\d+.\d+.md

+permissions:
+ packages: read
+ contents: write
+
 jobs:
 release-notes:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 53a8022a..9db08ce8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,6 +7,10 @@ on:

 concurrency: release

+permissions:
+ packages: write
+ contents: write
+
 jobs:
 # validation to assure that we should in fact continue with the release should
 # be done here. the primary reason for this step is to verify that the release
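Review bot: The `permissions:` block added at the top level of prepare-for-a-release.yml grants `contents: write` to every job in the workflow, and the same applies to the blocks added in release-notes.yml and release.yml (which also grants `packages: write`). The job bodies lie outside these hunks, but the context lines in release.yml describe a validation job that presumably only needs to read the repository. Consider a workflow-level default of `contents: read` and a job-level `permissions:` block carrying `contents: write` (and `packages: write` in release.yml) on only the jobs that push tags, commits or packages. That way a compromised action or step in any other job does not run with a write-capable `GITHUB_TOKEN`.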
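Review bot: Once a `permissions:` key is present, every scope it does not list is set to `none` for `GITHUB_TOKEN`, so the block added in release-notes.yml leaves the job with only `packages: read` and `contents: write`. The `release-notes` job body continues outside the hunk; if any step there uses the token for pull requests or issues, it needs its own entry (for example `pull-requests: read`), otherwise the step will start failing with a 403. A one-line comment above the block stating which step needs each scope, e.g. `# contents: write: <step that pushes>; packages: read: <image that is pulled>`, would let a later reviewer tell when a grant can be dropped.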