CI: add permissions and limit triggers to main (#1669)

Author: XhmikosR

.github/workflows/release-notes.yml

@@ -6,9 +6,17 @@ on:
       - main
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   update_release_draft:
+    permissions:
+      # allow release-drafter/release-drafter to create GitHub releases and add labels to PRs
+      contents: write
+      pull-requests: write
     runs-on: ubuntu-latest
+    if: github.repository == 'twbs/icons'
     steps:
       - uses: release-drafter/release-drafter@v5
         env:

.github/workflows/test.yml

@@ -2,15 +2,19 @@ name: Tests
 
 on:
   push:
-    branches-ignore:
-      - "dependabot/**"
+    branches:
+      - main
+      - "!dependabot/**"
   pull_request:
   workflow_dispatch:
 
 env:
   FORCE_COLOR: 2
   NODE: 18
 
+permissions:
+  contents: read
+
 jobs:
   test:
     runs-on: ubuntu-latest