diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 60c0e4a913..d811d2221c 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -1,5 +1,8 @@ name: docker +permissions: + contents: read + concurrency: group: ${{ github.workflow }}-${{ github.ref }} diff --git a/.github/workflows/issue_comment.yml b/.github/workflows/issue_comment.yml index b542f792f9..042cd782a2 100644 --- a/.github/workflows/issue_comment.yml +++ b/.github/workflows/issue_comment.yml @@ -1,5 +1,9 @@ name: Sync issue comments to JIRA +permissions: + issues: write + pull-requests: write + # This workflow will be triggered when new issue comment is created (including PR comments) on: issue_comment diff --git a/.github/workflows/new_issues.yml b/.github/workflows/new_issues.yml index 4d355c0776..3f6097efdd 100644 --- a/.github/workflows/new_issues.yml +++ b/.github/workflows/new_issues.yml @@ -1,5 +1,8 @@ name: Sync issues to Jira +permissions: + issues: write + # This workflow will be triggered when a new issue is opened on: issues diff --git a/.github/workflows/new_prs.yml b/.github/workflows/new_prs.yml index 4c750bba15..40e10fe13e 100644 --- a/.github/workflows/new_prs.yml +++ b/.github/workflows/new_prs.yml @@ -1,5 +1,8 @@ name: Sync remain PRs to Jira +permissions: + pull-requests: write + # This workflow will be triggered every hour, to sync remaining PRs (i.e. PRs with zero comment) to Jira project # Note that, PRs can also get synced when new PR comment is created on: diff --git a/.github/workflows/pr_approved.yml b/.github/workflows/pr_approved.yml index 963d6cba87..9158e16775 100644 --- a/.github/workflows/pr_approved.yml +++ b/.github/workflows/pr_approved.yml @@ -1,4 +1,8 @@ name: Sync approved PRs to internal codebase + +permissions: + contents: read + on: pull_request_target: types: [labeled] diff --git a/.github/workflows/release_zips.yml b/.github/workflows/release_zips.yml index bc2bf7b5c0..ec6bf6976a 100644 --- a/.github/workflows/release_zips.yml +++ b/.github/workflows/release_zips.yml @@ -1,5 +1,8 @@ name: Create zip file with recursive source clone for release +permissions: + contents: write + on: push: tags: