From ec04e7df464c7a6ab10790dddb99745380dc239d Mon Sep 17 00:00:00 2001 From: Rob Anderson Date: Tue, 27 Aug 2024 22:57:32 -0600 Subject: [PATCH 1/3] Test top-level permissions --- .github/workflows/i18n-issues.yml | 3 +++ .github/workflows/pr-checks.yml | 2 ++ .github/workflows/release.yml | 3 +++ 3 files changed, 8 insertions(+) diff --git a/.github/workflows/i18n-issues.yml b/.github/workflows/i18n-issues.yml index b1fd1fb..1e201fb 100644 --- a/.github/workflows/i18n-issues.yml +++ b/.github/workflows/i18n-issues.yml @@ -5,6 +5,9 @@ on: branches: - main +permissions: + issues: write + jobs: check_translations: runs-on: ubuntu-latest diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 9206e12..bf426f4 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -5,6 +5,8 @@ on: branches: - main +permissions: read-all + jobs: check_translations: runs-on: ubuntu-latest diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8b8c9d6..55b4452 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,6 +5,9 @@ on: tags: - "**" +permissions: + contents: write + jobs: release: runs-on: ubuntu-latest From 37905292916781626102533f7d07794a1431fdb3 Mon Sep 17 00:00:00 2001 From: Rob Anderson Date: Tue, 27 Aug 2024 23:02:03 -0600 Subject: [PATCH 2/3] Needs write for cache --- .github/workflows/i18n-issues.yml | 1 + .github/workflows/pr-checks.yml | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/i18n-issues.yml b/.github/workflows/i18n-issues.yml index 1e201fb..313eaed 100644 --- a/.github/workflows/i18n-issues.yml +++ b/.github/workflows/i18n-issues.yml @@ -6,6 +6,7 @@ on: - main permissions: + actions: write issues: write jobs: diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index bf426f4..4b59cca 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -5,7 +5,8 @@ on: branches: - main -permissions: read-all +permissions: + actions: write jobs: check_translations: From 4b0b3978d49e9d9c2e7775930300268e7fa87769 Mon Sep 17 00:00:00 2001 From: Rob Anderson Date: Tue, 27 Aug 2024 23:04:53 -0600 Subject: [PATCH 3/3] Fix two minor yamlint issues --- .github/workflows/i18n-issues.yml | 2 +- .github/workflows/pr-checks.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/i18n-issues.yml b/.github/workflows/i18n-issues.yml index 313eaed..f033071 100644 --- a/.github/workflows/i18n-issues.yml +++ b/.github/workflows/i18n-issues.yml @@ -20,7 +20,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v4 with: - python-version: "3.x" + python-version: 3.x - name: Install Python dependencies run: pip install -r requirements.txt diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 4b59cca..010bf17 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -19,7 +19,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v5 with: - python-version: "3.x" + python-version: 3.x - name: Install Python dependencies run: pip install -r requirements.txt