From 819623d1ab0f3a3e1880cf178559f936146761f7 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Thu, 9 Jan 2025 11:00:04 +0100 Subject: [PATCH 1/2] chore: adjust delete PR workflow name and set required permissions --- .github/workflows/delete_pr_preview.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/delete_pr_preview.yml b/.github/workflows/delete_pr_preview.yml index 17c16b4fab..0b145095b9 100644 --- a/.github/workflows/delete_pr_preview.yml +++ b/.github/workflows/delete_pr_preview.yml @@ -16,7 +16,9 @@ jobs: ((github.event.action == 'unlabeled' && github.event.label.name == 'safe for preview') || (github.event.action == 'closed' && contains(github.event.pull_request.labels.*.name, 'safe for preview'))) - name: Build with Hugo + name: Delete PR preview when a PR is closed or label removed + permissions: + contents: write runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 From 96c9acdf72f7771925c8e5c5e327a08b202e261a Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Thu, 9 Jan 2025 11:21:31 +0100 Subject: [PATCH 2/2] chore: remove write permissions for wofklow building the PR preview --- .github/workflows/build_pr_preview.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/build_pr_preview.yml b/.github/workflows/build_pr_preview.yml index 301a53a62d..4315a0f2a1 100644 --- a/.github/workflows/build_pr_preview.yml +++ b/.github/workflows/build_pr_preview.yml @@ -8,8 +8,7 @@ on: # Run when label is added or present and when pushing to the PR types: [labeled, opened, synchronize] -permissions: - contents: write +permissions: read-all jobs: build_preview: