From 336c9f1a3969f6964601f26efd78af9717b67fff Mon Sep 17 00:00:00 2001
From: kodster28
Date: Fri, 2 May 2025 10:22:11 -0500
Subject: [PATCH 1/2] [GHA] More perms
---
.github/workflows/anchor-link-audit.yml | 2 ++
.github/workflows/comment-changed-filenames.yml | 2 ++
.github/workflows/image-audit.yml | 2 ++
.github/workflows/issue.yml | 4 +++-
.github/workflows/no-response.yml | 5 ++++-
5 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/anchor-link-audit.yml b/.github/workflows/anchor-link-audit.yml
index 3176f93e2a61c36..6cf4c82274fa25c 100644
--- a/.github/workflows/anchor-link-audit.yml
+++ b/.github/workflows/anchor-link-audit.yml
@@ -46,6 +46,8 @@ jobs: run: ./bin/htmltest -c ./bin/.htmltest.yml - name: Create issue on failure + permissions: + issues: write if: ${{ failure() }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/comment-changed-filenames.yml b/.github/workflows/comment-changed-filenames.yml
index 06c59f3f0d98ce4..30e4a3f77f97f22 100644
--- a/.github/workflows/comment-changed-filenames.yml
+++ b/.github/workflows/comment-changed-filenames.yml
@@ -36,6 +36,8 @@ jobs: echo "${delimiter}" >> "$GITHUB_ENV" - name: Comment or Update Comment on PR based on changed files + permissions: + pull-requests: write env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: |
diff --git a/.github/workflows/image-audit.yml b/.github/workflows/image-audit.yml
index 2d694888270d10c..335fdb564507fb9 100644
--- a/.github/workflows/image-audit.yml
+++ b/.github/workflows/image-audit.yml
@@ -38,6 +38,8 @@ jobs: fi - name: Create Issue if Unused Files Found + permissions: + issues: write if: steps.find-files.outputs.unused_files env: UNUSED_FILES: ${{ steps.find-files.outputs.unused_files }}
diff --git a/.github/workflows/issue.yml b/.github/workflows/issue.yml
index 2a72d22ea742497..da71c2a295e1445 100644
--- a/.github/workflows/issue.yml
+++ b/.github/workflows/issue.yml
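Review bot: `permissions` is not a key GitHub Actions accepts on a step, and in the anchor-link-audit.yml hunk the added `permissions:` / `issues: write` pair sits between the step's `- name: Create issue on failure` and its `if:` / `env:` keys, so the workflow would be rejected as invalid instead of scoping the token (indentation is lost on this page, but that position implies step level). The comment-changed-filenames.yml hunk (`pull-requests: write`) and the image-audit.yml hunk (`issues: write`) place the block the same way. Token scopes can only be set at workflow or job level, so move each block under its job next to `runs-on:`. Scopes left unlisted there become `none`, so also list what the job's other steps need, e.g. `contents: read` next to `issues: write` if the job checks out the repository. The job headers are outside these hunks.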
@@ -6,7 +6,9 @@ on: jobs: compile: - name: Assignee + name: + permissions: + issues: write runs-on: ubuntu-latest steps: - uses: actions/checkout@v4
diff --git a/.github/workflows/no-response.yml b/.github/workflows/no-response.yml
index 4cad78fc26d01c8..41b664f729a3916 100644
--- a/.github/workflows/no-response.yml
+++ b/.github/workflows/no-response.yml
@@ -17,6 +17,9 @@ on: jobs: noResponse: + permissions: + issues: write + pull-requests: write runs-on: ubuntu-latest steps: - uses: lee-dohm/no-response@v0.5.0
@@ -26,5 +29,5 @@ jobs: closeComment: > This issue was closed automatically because there has been no response from the original author. As it stands currently, we don't have enough information - to take action. If you believe this issue was closed in error, a) apologies and b) open a new issue + to take action. If you believe this issue was closed in error, a) apologies and b) open a new issue and reference this one in the body.
From ab1b4f07dc3581a5ff32ea2499d5dd6045f8e039 Mon Sep 17 00:00:00 2001
From: kodster28
Date: Fri, 2 May 2025 10:23:11 -0500
Subject: [PATCH 2/2] update
---
.github/workflows/issue.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/issue.yml b/.github/workflows/issue.yml
index da71c2a295e1445..6d61fc4d6401bda 100644
--- a/.github/workflows/issue.yml
+++ b/.github/workflows/issue.yml
@@ -6,7 +6,7 @@ on: jobs: compile: - name: + name: Assignee permissions: issues: write runs-on: ubuntu-latest
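Review bot: Declaring `permissions` on the `compile` job in issue.yml sets every scope that is not listed to `none`, and the first step visible in the hunk is `actions/checkout@v4`, which reads repository contents with the job token. With only `issues: write` granted, that checkout can fail on a private or internal repository. Add `contents: read` next to `issues: write` so the block states everything the job uses. The remaining steps are outside the hunk, so confirm none of them needs a further scope.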
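Review bot: The write scopes added to the `noResponse` job apply to the token available to `lee-dohm/no-response@v0.5.0`, a third-party action referenced by a mutable tag, so a retargeted tag would run with `issues: write` and `pull-requests: write`. Pin the action to a reviewed full commit SHA and keep the version as a trailing comment, `- uses: lee-dohm/no-response@<full-commit-sha>  # v0.5.0` (placeholder, not a real SHA). The action's `with:` inputs are outside the hunk, so how the token is passed is inferred. The job-level placement of the block is correct here.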