diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 1b4715146d5c..dcae935b2ef1 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -608,6 +608,8 @@ jobs: run: .github/workflows/scripts/triggerUnmanagedCommunityBuild.sh "${{ secrets.BUILD_TOKEN }}" "$THISBUILD_VERSION" publish_release: + permissions: + contents: write # for actions/create-release to create a release runs-on: [self-hosted, Linux] container: image: lampepfl/dotty:2021-03-22 diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml index ebe65dfc3cde..175841b8edfa 100644 --- a/.github/workflows/cla.yml +++ b/.github/workflows/cla.yml @@ -4,6 +4,10 @@ on: push: branches: - 'language-reference-backport' +permissions: + contents: write + pull-requests: write + jobs: check: runs-on: ubuntu-latest diff --git a/.github/workflows/language-reference.yaml b/.github/workflows/language-reference.yaml index 6aeb174738a2..58025c7e7993 100644 --- a/.github/workflows/language-reference.yaml +++ b/.github/workflows/language-reference.yaml @@ -9,8 +9,14 @@ on: - 'language-reference-stable' workflow_dispatch: +permissions: + contents: read + jobs: build-and-push: + permissions: + contents: write # for Git to git push + pull-requests: write # for peter-evans/create-pull-request to create a PR runs-on: ubuntu-latest steps: - name: Get current date diff --git a/.github/workflows/releases.yml b/.github/workflows/releases.yml index 820843778428..7420b2e2c621 100644 --- a/.github/workflows/releases.yml +++ b/.github/workflows/releases.yml @@ -2,6 +2,9 @@ name: Releases on: workflow_dispatch: +permissions: + contents: read + jobs: publish_release: runs-on: [self-hosted, Linux] diff --git a/.github/workflows/scaladoc.yaml b/.github/workflows/scaladoc.yaml index eb2da5c363ae..d5135aed3483 100644 --- a/.github/workflows/scaladoc.yaml +++ b/.github/workflows/scaladoc.yaml @@ -7,6 +7,9 @@ on: pull_request: branches-ignore: - 'language-reference-stable' +permissions: + contents: read + jobs: build: env: