Explicit permissions for GITHUB_TOKEN where write is needed

SonarSource · Sep 8, 2024 · 3caeac7 · 3caeac7
1 parent ef51d76
commit 3caeac7
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 0 deletions.
diff --git a/.github/workflows/add_language.yml b/.github/workflows/add_language.yml
@@ -15,6 +15,9 @@ on:
 jobs:
   add_language_to_rule:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 

diff --git a/.github/workflows/create_new_rspec.yml b/.github/workflows/create_new_rspec.yml
@@ -12,6 +12,9 @@ on:
 jobs:
   create_new_rule:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 

diff --git a/.github/workflows/update_quickfix_status.yml b/.github/workflows/update_quickfix_status.yml
@@ -26,6 +26,9 @@ jobs:
   update_quickfix_status:
     name: Update quick fix status
     runs-on: ubuntu-20.04
+    permissions:
+      contents: write
+      pull-requests: write
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps: