pypa · naveensrinivasan · Jul 3, 2022 · pradyunsg · Jul 8, 2022 · naveensrinivasan
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -32,6 +32,9 @@ jobs:
  - run: nox -s docs
 
  determine-changes:
+ permissions:
+ contents: read # for dorny/paths-filter to fetch a list of changed files
+ pull-requests: read # for dorny/paths-filter to read pull requests
  runs-on: ubuntu-latest
  outputs:
  tests: ${{ steps.filter.outputs.tests }}

diff --git a/.github/workflows/news-file.yml b/.github/workflows/news-file.yml
@@ -4,6 +4,9 @@ on:
  pull_request:
  types: [labeled, unlabeled, opened, reopened, synchronize]
 
+permissions:
+ contents: read
+
 jobs:
  check-news-entry:
  name: news entry