diff --git a/.github/workflows/check-bun-dependencies.yml b/.github/workflows/check-bun-dependencies.yml index 7948077..f87e507 100644 --- a/.github/workflows/check-bun-dependencies.yml +++ b/.github/workflows/check-bun-dependencies.yml @@ -3,6 +3,9 @@ on: workflow_dispatch: schedule: - cron: "0 0 * * *" +permissions: + contents: read + pull-requests: write jobs: call-check-bun-dependencies: uses: flowscripter/.github/.github/workflows/check-bun-dependencies.yml@v1 diff --git a/.github/workflows/lint-pr-message.yml b/.github/workflows/lint-pr-message.yml index 8d79430..1f8f1c6 100644 --- a/.github/workflows/lint-pr-message.yml +++ b/.github/workflows/lint-pr-message.yml @@ -5,6 +5,8 @@ on: - opened - edited - synchronize +permissions: + contents: read jobs: call-lint-pr-message: uses: flowscripter/.github/.github/workflows/lint-pr-message.yml@v1 diff --git a/.github/workflows/release-bun-executable.yml b/.github/workflows/release-bun-executable.yml index 82a4be7..a39cd48 100644 --- a/.github/workflows/release-bun-executable.yml +++ b/.github/workflows/release-bun-executable.yml @@ -2,6 +2,12 @@ name: release-bun-executable on: push: branches: [main] +permissions: + contents: write + issues: write + pull-requests: write + id-token: write + pages: write jobs: call-release-bun-executable: uses: flowscripter/.github/.github/workflows/release-bun-executable.yml@v1 diff --git a/.github/workflows/validate-bun-executable-pr.yml b/.github/workflows/validate-bun-executable-pr.yml index 7897654..a0fe86a 100644 --- a/.github/workflows/validate-bun-executable-pr.yml +++ b/.github/workflows/validate-bun-executable-pr.yml @@ -2,6 +2,8 @@ name: validate-bun-executable-pr on: pull_request: branches: [main] +permissions: + contents: read jobs: call-validate-bun-executable-pr: uses: flowscripter/.github/.github/workflows/validate-bun-executable-pr.yml@v1