diff --git a/.github/workflows/refresh-csl-subtrees.yml b/.github/workflows/refresh-csl-subtrees.yml index 8a1b647b0a6..85aad208e7e 100644 --- a/.github/workflows/refresh-csl-subtrees.yml +++ b/.github/workflows/refresh-csl-subtrees.yml @@ -6,6 +6,9 @@ on: - cron: '1 2 1,15 * *' workflow_dispatch: +permissions: + contents: read + jobs: publish: name: Refresh Citation Style Language Files diff --git a/.github/workflows/refresh-journal-lists.yml b/.github/workflows/refresh-journal-lists.yml index 87b09f81785..fff8fcdb9fe 100644 --- a/.github/workflows/refresh-journal-lists.yml +++ b/.github/workflows/refresh-journal-lists.yml @@ -4,8 +4,14 @@ on: workflow_dispatch: # Allow to run manually +permissions: + contents: read + jobs: publish: + permissions: + contents: write # for peter-evans/create-pull-request to create branch + pull-requests: write # for peter-evans/create-pull-request to create a PR name: Refresh Journal List Files runs-on: ubuntu-latest steps: diff --git a/.github/workflows/tests-fetchers.yml b/.github/workflows/tests-fetchers.yml index ebc3ac6ada6..c0dd33d916b 100644 --- a/.github/workflows/tests-fetchers.yml +++ b/.github/workflows/tests-fetchers.yml @@ -31,6 +31,9 @@ concurrency: group: fetcher-tests-${{ github.head_ref }} cancel-in-progress: true +permissions: + contents: read + jobs: fetchertests: name: Fetcher tests