diff --git a/.github/workflows/clang-format.yml b/.github/workflows/clang-format.yml index 55f9ec49fa7..cc813e252ef 100644 --- a/.github/workflows/clang-format.yml +++ b/.github/workflows/clang-format.yml @@ -7,6 +7,9 @@ on: - main workflow_dispatch: +permissions: + contents: read + jobs: format-check: runs-on: ubuntu-latest diff --git a/.github/workflows/closed-issue-message.yml b/.github/workflows/closed-issue-message.yml index 2881a667a89..cae2d6b538a 100644 --- a/.github/workflows/closed-issue-message.yml +++ b/.github/workflows/closed-issue-message.yml @@ -2,6 +2,9 @@ name: Closed Issue Message on: issues: types: [closed] +permissions: + issues: write + jobs: auto_comment: runs-on: ubuntu-latest diff --git a/.github/workflows/cspell.yml b/.github/workflows/cspell.yml index b0bc75bdbe9..1a4c257edb7 100644 --- a/.github/workflows/cspell.yml +++ b/.github/workflows/cspell.yml @@ -2,6 +2,9 @@ name: cspell on: [push] +permissions: + contents: read + jobs: cspell: name: cspell diff --git a/.github/workflows/license-check.yml b/.github/workflows/license-check.yml index f91f8c66632..5edc44ebfde 100644 --- a/.github/workflows/license-check.yml +++ b/.github/workflows/license-check.yml @@ -2,6 +2,9 @@ name: License Scan on: [pull_request] +permissions: + contents: read + jobs: build: diff --git a/.github/workflows/license-scheduled-check.yml b/.github/workflows/license-scheduled-check.yml index b68eb54aec7..c44049a1498 100644 --- a/.github/workflows/license-scheduled-check.yml +++ b/.github/workflows/license-scheduled-check.yml @@ -4,6 +4,9 @@ on: schedule: - cron: "0 0 * * *" +permissions: + contents: read + jobs: build: diff --git a/.github/workflows/stale_issue.yml b/.github/workflows/stale_issue.yml index 4aff44e8e03..a20088a5ff5 100644 --- a/.github/workflows/stale_issue.yml +++ b/.github/workflows/stale_issue.yml @@ -5,6 +5,10 @@ on: schedule: - cron: "0 0 * * *" +permissions: + issues: write + pull-requests: write + jobs: cleanup: runs-on: ubuntu-latest