CI: Add GitHub token permissions for workflows (#36325)

Co-authored-by: XhmikosR <[email protected]>
author: Varun Sharma <[email protected]> 2022-12-16 12:50:12 +0530
committer: GitHub <[email protected]> 2022-12-16 09:20:12 +0200
commit: 471edac3d3cae51d415f03d941af1f27e72c9198 (patch)
tree: 7d3469f76a732a43ae1b4102249206230744937e /.github
parent: af34b2b56a3628189ff0997593dc07f349b9d54e (diff)
download: bootstrap-471edac3d3cae51d415f03d941af1f27e72c9198.tar.xz
bootstrap-471edac3d3cae51d415f03d941af1f27e72c9198.zip
11 files changed, 53 insertions, 0 deletions
diff --git a/.github/workflows/browserstack.yml b/.github/workflows/browserstack.yml
index 918e0a152..9a2fc91e5 100644
--- a/.github/workflows/browserstack.yml
+++ b/.github/workflows/browserstack.yml
@@ -8,6 +8,9 @@ env:
   FORCE_COLOR: 2
   NODE: 18
 
+permissions:
+  contents: read
+
 jobs:
   browserstack:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/bundlewatch.yml b/.github/workflows/bundlewatch.yml
index 8159ae2da..2add86c49 100644
--- a/.github/workflows/bundlewatch.yml
+++ b/.github/workflows/bundlewatch.yml
@@ -11,6 +11,9 @@ env:
   FORCE_COLOR: 2
   NODE: 18
 
+permissions:
+  contents: read
+
 jobs:
   bundlewatch:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/cspell.yml b/.github/workflows/cspell.yml
index f79ffdb81..1d946981c 100644
--- a/.github/workflows/cspell.yml
+++ b/.github/workflows/cspell.yml
@@ -10,8 +10,15 @@ on:
 env:
   FORCE_COLOR: 2
 
+permissions:
+  contents: read
+
 jobs:
   cspell:
+    permissions:
+      # allow streetsidesoftware/cspell-action to fetch files for commits and PRs
+      contents: read
+      pull-requests: read
     runs-on: ubuntu-latest
 
     steps:
diff --git a/.github/workflows/css.yml b/.github/workflows/css.yml
index 68323a975..6bfde50af 100644
--- a/.github/workflows/css.yml
+++ b/.github/workflows/css.yml
@@ -11,6 +11,9 @@ env:
   FORCE_COLOR: 2
   NODE: 18
 
+permissions:
+  contents: read
+
 jobs:
   css:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index a47d82fda..bdeae6043 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -11,6 +11,9 @@ env:
   FORCE_COLOR: 2
   NODE: 18
 
+permissions:
+  contents: read
+
 jobs:
   docs:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/issue-close-require.yml b/.github/workflows/issue-close-require.yml
index b251cd75e..b5000d8b4 100644
--- a/.github/workflows/issue-close-require.yml
+++ b/.github/workflows/issue-close-require.yml
@@ -4,8 +4,15 @@ on:
   schedule:
     - cron: "0 0 * * *"
 
+permissions:
+  contents: read
+
 jobs:
   issue-close-require:
+    permissions:
+      # allow actions-cool/issues-helper to update issues and PRs
+      issues: write
+      pull-requests: write
     runs-on: ubuntu-latest
     if: github.repository == 'twbs/bootstrap'
     steps:
diff --git a/.github/workflows/issue-labeled.yml b/.github/workflows/issue-labeled.yml
index fac58493b..584879dd8 100644
--- a/.github/workflows/issue-labeled.yml
+++ b/.github/workflows/issue-labeled.yml
@@ -4,8 +4,15 @@ on:
   issues:
     types: [labeled]
 
+permissions:
+  contents: read
+
 jobs:
   issue-labeled:
+    permissions:
+      # allow actions-cool/issues-helper to update issues and PRs
+      issues: write
+      pull-requests: write
     if: github.repository == 'twbs/bootstrap'
     runs-on: ubuntu-latest
     steps:
diff --git a/.github/workflows/js.yml b/.github/workflows/js.yml
index 724f16c62..a8994b6cc 100644
--- a/.github/workflows/js.yml
+++ b/.github/workflows/js.yml
@@ -11,8 +11,15 @@ env:
   FORCE_COLOR: 2
   NODE: 18
 
+permissions:
+  contents: read
+
 jobs:
   run:
+    permissions:
+      # allow coverallsapp/github-action to create new checks issues and fetch code
+      checks: write
+      contents: read
     name: JS Tests
     runs-on: ubuntu-latest
 
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index b804462c9..51ee18999 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -11,6 +11,9 @@ env:
   FORCE_COLOR: 2
   NODE: 18
 
+permissions:
+  contents: read
+
 jobs:
   lint:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/node-sass.yml b/.github/workflows/node-sass.yml
index b0f9a72de..dc687ca46 100644
--- a/.github/workflows/node-sass.yml
+++ b/.github/workflows/node-sass.yml
@@ -11,6 +11,9 @@ env:
   FORCE_COLOR: 2
   NODE: 18
 
+permissions:
+  contents: read
+
 jobs:
   css:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/release-notes.yml b/.github/workflows/release-notes.yml
index bbd0a2448..f620dd31d 100644
--- a/.github/workflows/release-notes.yml
+++ b/.github/workflows/release-notes.yml
@@ -6,8 +6,15 @@ on:
       - main
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   update_release_draft:
+    permissions:
+      # allow release-drafter/release-drafter to create GitHub releases and add labels to PRs
+      contents: write
+      pull-requests: write
     runs-on: ubuntu-latest
     if: github.repository == 'twbs/bootstrap'
     steps:
author	Varun Sharma <[email protected]>	2022-12-16 12:50:12 +0530
committer	GitHub <[email protected]>	2022-12-16 09:20:12 +0200
commit	471edac3d3cae51d415f03d941af1f27e72c9198 (patch)
tree	7d3469f76a732a43ae1b4102249206230744937e /.github
parent	af34b2b56a3628189ff0997593dc07f349b9d54e (diff)
download	bootstrap-471edac3d3cae51d415f03d941af1f27e72c9198.tar.xz bootstrap-471edac3d3cae51d415f03d941af1f27e72c9198.zip