ci: fix Github actions permissions (#5386)

* ci: fix github actions permissions * ci: add contents:write permissions
eclipse-kura · Oct 1, 2024 · da5960b · da5960b
1 parent 61f5303
commit da5960b
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 3 deletions.
diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
@@ -5,6 +5,10 @@ on:
       - closed
       - labeled
 
+permissions:
+  contents: write
+  pull-requests: write
+
 jobs:
   backport:
     name: Backport

diff --git a/.github/workflows/release-notes.yml b/.github/workflows/release-notes.yml
@@ -12,6 +12,11 @@ on:
           description: Overwrite the content of TODO fields in generated release notes (typically needed for RC1 notes)
           required: true
           default: false
+
+permissions:
+  contents: write
+  pull-requests: write
+
 jobs:
   main:
     name: Generate Release Notes
@@ -34,7 +39,7 @@ jobs:
           -Pjava8
         )\" >> \"${GITHUB_OUTPUT}\""
       shell: bash
-    
+
     - name: Check file existence
       id: check_files
       continue-on-error: true
@@ -70,7 +75,7 @@ jobs:
         -t .github/release_notes_template/template.hbs \
         -hhf .github/release_notes_template/helper.hbs \
         -of ./kura/distrib/RELEASE_NOTES.txt
-    
+
     - name: Files exist write description
       id: get-description
       if: steps.check_files.outputs.exists == 'true' && github.event.inputs.overwrite == 'false'
@@ -80,7 +85,7 @@ jobs:
           awk 'NR==FNR { desc = (desc == "" ? $0 : desc "\n" $0); next } /\[TODO\]/ && !done { sub(/\[TODO\]/, desc); done=1 } 1' target-env.txt done=0 ./kura/distrib/RELEASE_NOTES.txt > tmpfile && mv tmpfile ./kura/distrib/RELEASE_NOTES.txt
           awk 'NR==FNR { desc = (desc == "" ? $0 : desc "\n" $0); next } /\[TODO\]/ && !done { sub(/\[TODO\]/, desc); done=1 } 1' known-issues.txt done=0 ./kura/distrib/RELEASE_NOTES.txt > tmpfile && mv tmpfile ./kura/distrib/RELEASE_NOTES.txt
       shell: bash
-        
+
     - name: Files exist clean up
       id: clean-up-files
       if: steps.check_files.outputs.exists == 'true' && github.event.inputs.overwrite == 'false'

diff --git a/.github/workflows/stale-issues.yml b/.github/workflows/stale-issues.yml
@@ -3,6 +3,10 @@ on:
   schedule:
     - cron: "30 1 * * *"
 
+permissions:
+  issues: write
+  pull-requests: write
+
 jobs:
   close-issues:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/version-uptick.yml b/.github/workflows/version-uptick.yml
@@ -18,6 +18,10 @@ on:
             - uptick_snapshot_to_release.yml
           required: true
 
+permissions:
+  contents: write
+  pull-requests: write
+
 jobs:
   uptick:
     runs-on: ubuntu-latest