diff --git a/.github/workflows/browserstack.yml b/.github/workflows/browserstack.yml
index 918e0a15219e..9a2fc91e56c3 100644
--- a/.github/workflows/browserstack.yml
+++ b/.github/workflows/browserstack.yml
@@ -8,6 +8,9 @@ env:
 FORCE_COLOR: 2
 NODE: 18
+permissions:
+ contents: read
+
 jobs:
 browserstack:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/bundlewatch.yml b/.github/workflows/bundlewatch.yml
index 8159ae2da34f..2add86c49bc5 100644
--- a/.github/workflows/bundlewatch.yml
+++ b/.github/workflows/bundlewatch.yml
@@ -11,6 +11,9 @@ env:
 FORCE_COLOR: 2
 NODE: 18
+permissions:
+ contents: read
+
 jobs:
 bundlewatch:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/cspell.yml b/.github/workflows/cspell.yml
index f79ffdb81d2f..1d946981c664 100644
--- a/.github/workflows/cspell.yml
+++ b/.github/workflows/cspell.yml
@@ -10,8 +10,15 @@ on:
 env:
 FORCE_COLOR: 2
+permissions:
+ contents: read
+
 jobs:
 cspell:
+ permissions:
+ # allow streetsidesoftware/cspell-action to fetch files for commits and PRs
+ contents: read
+ pull-requests: read
 runs-on: ubuntu-latest
 steps:
diff --git a/.github/workflows/css.yml b/.github/workflows/css.yml
index 68323a975fd3..6bfde50af3dd 100644
--- a/.github/workflows/css.yml
+++ b/.github/workflows/css.yml
@@ -11,6 +11,9 @@ env:
 FORCE_COLOR: 2
 NODE: 18
+permissions:
+ contents: read
+
 jobs:
 css:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index a47d82fda904..bdeae6043da4 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -11,6 +11,9 @@ env:
 FORCE_COLOR: 2
 NODE: 18
+permissions:
+ contents: read
+
 jobs:
 docs:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/issue-close-require.yml b/.github/workflows/issue-close-require.yml
index b251cd75ee0d..b5000d8b4350 100644
--- a/.github/workflows/issue-close-require.yml
+++ b/.github/workflows/issue-close-require.yml
@@ -4,8 +4,15 @@ on:
 schedule:
 - cron: "0 0 * * *"
+permissions:
+ contents: read
+
 jobs:
 issue-close-require:
+ permissions:
+ # allow actions-cool/issues-helper to update issues and PRs
+ issues: write
+ pull-requests: write
 runs-on: ubuntu-latest
 if: github.repository == 'twbs/bootstrap'
 steps:
diff --git a/.github/workflows/issue-labeled.yml b/.github/workflows/issue-labeled.yml
index fac58493b539..584879dd80cf 100644
--- a/.github/workflows/issue-labeled.yml
+++ b/.github/workflows/issue-labeled.yml
@@ -4,8 +4,15 @@ on:
 issues:
 types: [labeled]
+permissions:
+ contents: read
+
 jobs:
 issue-labeled:
+ permissions:
+ # allow actions-cool/issues-helper to update issues and PRs
+ issues: write
+ pull-requests: write
 if: github.repository == 'twbs/bootstrap'
 runs-on: ubuntu-latest
 steps:
diff --git a/.github/workflows/js.yml b/.github/workflows/js.yml
index 724f16c62fb1..a8994b6cc3b1 100644
--- a/.github/workflows/js.yml
+++ b/.github/workflows/js.yml
@@ -11,8 +11,15 @@ env:
 FORCE_COLOR: 2
 NODE: 18
+permissions:
+ contents: read
+
 jobs:
 run:
+ permissions:
+ # allow coverallsapp/github-action to create new checks issues and fetch code
+ checks: write
+ contents: read
 name: JS Tests
 runs-on: ubuntu-latest
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index b804462c9b73..51ee18999573 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -11,6 +11,9 @@ env:
 FORCE_COLOR: 2
 NODE: 18
+permissions:
+ contents: read
+
 jobs:
 lint:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/node-sass.yml b/.github/workflows/node-sass.yml
index b0f9a72deead..dc687ca46b52 100644
--- a/.github/workflows/node-sass.yml
+++ b/.github/workflows/node-sass.yml
@@ -11,6 +11,9 @@ env:
 FORCE_COLOR: 2
 NODE: 18
+permissions:
+ contents: read
+
 jobs:
 css:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/release-notes.yml b/.github/workflows/release-notes.yml
index bbd0a2448bfa..f620dd31d1f8 100644
--- a/.github/workflows/release-notes.yml
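Review bot: `pull-requests: write` in the job-level `permissions` of `issue-close-require` looks broader than the job needs, and the same block is repeated in `issue-labeled.yml`, whose only visible trigger is `issues: types: [labeled]`, an event that does not fire for pull requests. If the actions-cool/issues-helper steps (outside both hunks) only comment on, label or close issues, `issues: write` alone should be enough and the comment would become `# allow actions-cool/issues-helper to update issues`. Confirm against what the steps actually call before dropping the scope, because a job-level `permissions` block replaces the workflow-level one and every scope left out of it is set to none.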
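Review bot: `checks: write` in `js.yml` is granted to the whole `run` job, so every step in that job runs with a token carrying the scope, not only the coverallsapp/github-action step the comment names. The steps are outside the hunk, but a job named `JS Tests` presumably installs dependencies and runs the test suite under the same token. Consider moving the coverage upload into its own job that carries `checks: write`, leaving the test job on the workflow-level `contents: read`. The comment wording is also unclear; `# allow coverallsapp/github-action to create new checks and fetch code` matches the two scopes that follow it.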
+++ b/.github/workflows/release-notes.yml
@@ -6,8 +6,15 @@ on:
 - main
 workflow_dispatch:
+permissions:
+ contents: read
+
 jobs:
 update_release_draft:
+ permissions:
+ # allow release-drafter/release-drafter to create GitHub releases and add labels to PRs
+ contents: write
+ pull-requests: write
 runs-on: ubuntu-latest
 if: github.repository == 'twbs/bootstrap'
 steps:
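Review bot: `pull-requests: write` in `update_release_draft` may be more than this workflow can use. The visible triggers are a branch filter ending in `main` and `workflow_dispatch`, and release-drafter's PR labelling is documented as running on pull request events. If no such trigger exists above the hunk, `pull-requests: read` should suffice, with the comment shortened to `# allow release-drafter/release-drafter to create GitHub releases`. Because the job still holds `contents: write`, also check that the `uses:` line (outside the hunk) pins the action to a full commit SHA rather than a movable tag.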