diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 33bbd45f..af744085 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,5 +1,8 @@ name: "๐Ÿงช Build & test code" +permissions: + contents: read + on: workflow_dispatch: workflow_call: diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index 32705730..c62c822a 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -1,5 +1,8 @@ name: "๐Ÿ“š Publish Docs" +permissions: + contents: write + on: # Workflow dispatch is used for manual triggers workflow_dispatch: diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index d3c973ca..50398795 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,5 +1,8 @@ name: '๐Ÿ’Ž Code quality' +permissions: + contents: read + on: workflow_dispatch: workflow_call: diff --git a/.github/workflows/on-pr-to-main.yml b/.github/workflows/on-pr-to-main.yml index 83cc304d..bd2065d1 100644 --- a/.github/workflows/on-pr-to-main.yml +++ b/.github/workflows/on-pr-to-main.yml @@ -1,5 +1,9 @@ name: 'โž• Pull Request' +permissions: + contents: read + pull-requests: write + on: pull_request: types: diff --git a/.github/workflows/on-push-any-branch.yml b/.github/workflows/on-push-any-branch.yml index 125edb1b..50a4389a 100644 --- a/.github/workflows/on-push-any-branch.yml +++ b/.github/workflows/on-push-any-branch.yml @@ -1,5 +1,8 @@ name: 'โœจ On push to any branch' +permissions: + contents: read + on: push: branches: diff --git a/.github/workflows/on-push-main-branch.yml b/.github/workflows/on-push-main-branch.yml index 74404808..66977173 100644 --- a/.github/workflows/on-push-main-branch.yml +++ b/.github/workflows/on-push-main-branch.yml @@ -5,6 +5,9 @@ on: branches: - main +permissions: + contents: write + jobs: publish-docs: name: '๏ธโ€๐Ÿ“š๏ธ Publish Docs' diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 8dc6cd01..ffc6705d 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,5 +1,8 @@ name: ๐Ÿš€ Upload Python Package +permissions: + contents: read + on: workflow_dispatch: workflow_call: diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 691797b5..1e49ae4c 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -1,4 +1,10 @@ name: ๐ŸŽ‰ Release Please + +permissions: + contents: write + issues: write + pull-requests: write + on: push: branches: