From 7ca219f9c49583fa4759dea3ba83a5cc084f387e Mon Sep 17 00:00:00 2001 From: Sebastian Rittau Date: Mon, 26 Apr 2021 16:51:35 +0200 Subject: [PATCH] Add permissions to all workflows (#5255) --- .github/workflows/mypy_primer.yml | 3 +++ .github/workflows/mypy_primer_comment.yml | 3 +++ .github/workflows/stubtest-unused-whitelist.yml | 4 ++++ .github/workflows/tests.yml | 3 +++ 4 files changed, 13 insertions(+) diff --git a/.github/workflows/mypy_primer.yml b/.github/workflows/mypy_primer.yml index c7e96261a..5df5f9a23 100644 --- a/.github/workflows/mypy_primer.yml +++ b/.github/workflows/mypy_primer.yml @@ -4,6 +4,9 @@ on: # Only run on PR, since we diff against master pull_request: +permissions: + contents: read + jobs: mypy_primer: name: Run diff --git a/.github/workflows/mypy_primer_comment.yml b/.github/workflows/mypy_primer_comment.yml index b54dbd470..d4fb156fd 100644 --- a/.github/workflows/mypy_primer_comment.yml +++ b/.github/workflows/mypy_primer_comment.yml @@ -8,6 +8,9 @@ on: # commit, wait till it's completed, and download and post the diff. pull_request_target: +permissions: + contents: read + jobs: mypy_primer: name: Comment diff --git a/.github/workflows/stubtest-unused-whitelist.yml b/.github/workflows/stubtest-unused-whitelist.yml index cca20a38f..403df166a 100644 --- a/.github/workflows/stubtest-unused-whitelist.yml +++ b/.github/workflows/stubtest-unused-whitelist.yml @@ -5,6 +5,10 @@ on: schedule: - cron: '0 4 * * SAT' +permissions: + contents: read + pull-requests: write + jobs: stubtest: if: github.repository == 'python/typeshed' diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 1fea83f91..7eca51ac7 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -4,6 +4,9 @@ on: push: pull_request: +permissions: + contents: read + jobs: file-consistency: name: Check file consistency