From ecc2c784ba6de29e7eb4389d91fc47eb7fc2f90c Mon Sep 17 00:00:00 2001 From: epszaw Date: Thu, 28 Aug 2025 14:48:31 +0200 Subject: [PATCH 1/2] add workflow-wide permissions --- .github/workflows/build.yaml | 3 +++ .github/workflows/release-drafter.yml | 7 ++++++- .github/workflows/release.yaml | 3 +++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 637be25f..03cda33b 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -5,6 +5,9 @@ on: branches: - master +permissions: + contents: read + jobs: pytest-changes: name: Collect allure-pytest file changes diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index 2d6b8ccb..cbeae175 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -5,10 +5,15 @@ on: branches: - master +permissions: + contents: read + jobs: update_draft_release: runs-on: ubuntu-latest + permissions: + contents: write steps: - uses: toolmantim/release-drafter@v5.2.0 env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 10b3295f..835966a1 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -5,6 +5,9 @@ on: release: types: [published] +permissions: + contents: read + jobs: deploy: runs-on: ubuntu-latest From 7b6087d98c03562a3db81a519794b1d004ac4d37 Mon Sep 17 00:00:00 2001 From: epszaw Date: Fri, 29 Aug 2025 11:52:46 +0200 Subject: [PATCH 2/2] add pull requests permission --- .github/workflows/release-drafter.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index cbeae175..f46957a0 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -13,6 +13,7 @@ jobs: runs-on: ubuntu-latest permissions: contents: write + pull-requests: write steps: - uses: toolmantim/release-drafter@v5.2.0 env: