You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@beam.apache.org by da...@apache.org on 2022/10/06 14:11:14 UTC
[beam] branch users/damccorm/GhTokenScope created (now 7a7d6895dbb)
This is an automated email from the ASF dual-hosted git repository.
damccorm pushed a change to branch users/damccorm/GhTokenScope
in repository https://gitbox.apache.org/repos/asf/beam.git
at 7a7d6895dbb Grant actions using GITHUB_TOKEN the appropriate permission set
This branch includes the following new commits:
new 7a7d6895dbb Grant actions using GITHUB_TOKEN the appropriate permission set
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[beam] 01/01: Grant actions using GITHUB_TOKEN the appropriate permission set
Posted by da...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
damccorm pushed a commit to branch users/damccorm/GhTokenScope
in repository https://gitbox.apache.org/repos/asf/beam.git
commit 7a7d6895dbba8c3868e62eb61a29d0cdf722e2f5
Author: Danny McCormick <da...@google.com>
AuthorDate: Thu Oct 6 10:11:00 2022 -0400
Grant actions using GITHUB_TOKEN the appropriate permission set
---
.github/workflows/cancel.yml | 6 ++++++
.github/workflows/pr-bot-new-prs.yml | 6 ++++++
.github/workflows/pr-bot-prs-needing-attention.yml | 6 ++++++
.github/workflows/pr-bot-update-reviewers.yml | 6 ++++++
.github/workflows/triaged-on-assign.yml | 2 ++
5 files changed, 26 insertions(+)
diff --git a/.github/workflows/cancel.yml b/.github/workflows/cancel.yml
index 0a182fd4f5b..df9172473f9 100644
--- a/.github/workflows/cancel.yml
+++ b/.github/workflows/cancel.yml
@@ -27,6 +27,12 @@ on:
jobs:
cancel-duplicate-workflow-runs:
+ permissions:
+ actions: write
+ checks: read
+ contents: read
+ issues: write
+ pull-requests: write
name: "Cancel duplicate workflow runs"
runs-on: ubuntu-latest
steps:
diff --git a/.github/workflows/pr-bot-new-prs.yml b/.github/workflows/pr-bot-new-prs.yml
index b5a31ec4725..68bdd418549 100644
--- a/.github/workflows/pr-bot-new-prs.yml
+++ b/.github/workflows/pr-bot-new-prs.yml
@@ -23,6 +23,12 @@ on:
jobs:
process-prs:
+ permissions:
+ contents: write
+ pull-requests: write
+ checks: read
+ issues: read
+ statuses: read
# Don't run on forks
if: github.repository == 'apache/beam'
runs-on: ubuntu-latest
diff --git a/.github/workflows/pr-bot-prs-needing-attention.yml b/.github/workflows/pr-bot-prs-needing-attention.yml
index e5e9e951d3e..27dc3d5854a 100644
--- a/.github/workflows/pr-bot-prs-needing-attention.yml
+++ b/.github/workflows/pr-bot-prs-needing-attention.yml
@@ -23,6 +23,12 @@ on:
jobs:
process-prs:
+ permissions:
+ contents: write
+ pull-requests: write
+ checks: read
+ issues: read
+ statuses: read
# Don't run on forks
if: github.repository == 'apache/beam'
runs-on: ubuntu-latest
diff --git a/.github/workflows/pr-bot-update-reviewers.yml b/.github/workflows/pr-bot-update-reviewers.yml
index d8414616fc5..924838f5de5 100644
--- a/.github/workflows/pr-bot-update-reviewers.yml
+++ b/.github/workflows/pr-bot-update-reviewers.yml
@@ -23,6 +23,12 @@ on:
jobs:
update-reviewers:
+ permissions:
+ contents: write
+ pull-requests: write
+ checks: read
+ issues: read
+ statuses: read
# Don't run on forks
if: github.repository == 'apache/beam'
runs-on: ubuntu-latest
diff --git a/.github/workflows/triaged-on-assign.yml b/.github/workflows/triaged-on-assign.yml
index 31b059fe60b..0efbee0d92b 100644
--- a/.github/workflows/triaged-on-assign.yml
+++ b/.github/workflows/triaged-on-assign.yml
@@ -20,6 +20,8 @@ on:
jobs:
assign:
+ permissions:
+ issues: write
name: Mark issue as triaged when assigned
runs-on: ubuntu-latest
steps: