diff --git a/.github/workflows/createReminder.yml b/.github/workflows/createReminder.yml
index b779e19d5..79f8a30bb 100644
--- a/.github/workflows/createReminder.yml
+++ b/.github/workflows/createReminder.yml
@@ -1,5 +1,8 @@
 name: 'Create reminder'
+permissions:
+ contents: read
+
 on:
 issue_comment:
 types: [created, edited]
diff --git a/.github/workflows/processReminders.yml b/.github/workflows/processReminders.yml
index 65322ebd7..9bf1a17a6 100644
--- a/.github/workflows/processReminders.yml
+++ b/.github/workflows/processReminders.yml
@@ -1,5 +1,8 @@
 name: 'Process reminders'
+permissions:
+ contents: read
+
 on:
 schedule:
 - cron: '*/15 * * * *'
diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml
index f610e1b53..2114de9b3 100644
--- a/.github/workflows/rebase.yml
+++ b/.github/workflows/rebase.yml
@@ -4,6 +4,10 @@
 on:
 issue_comment:
 types: [created]
+
+permissions:
+ contents: read
+
 name: Automatic Rebase
 jobs:
 rebase:
diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
index 5de410d27..df911b167 100644
--- a/.github/workflows/update.yml
+++ b/.github/workflows/update.yml
@@ -1,19 +1,13 @@
 # Copyright (c) Microsoft Corporation.
 # Licensed under the MIT license.
-name: Update Release Build Parameters
+name: Daily Updates
+
+permissions:
+ contents: read
 on:
 workflow_dispatch:
- push:
- paths:
- - '.github/workflows/update.yml'
- branches:
- - master
- - add-gh-action
- pull_request:
- paths:
- - '.github/workflows/update.yml'
 schedule:
 # At 20:20 UTC on every day-of-week from Monday through Friday.
 - cron: '0 0/4 * * *'
@@ -27,6 +21,9 @@ jobs:
 name: Update Release Build Parameters
 timeout-minutes: 15
 runs-on: ubuntu-20.04
+ permissions:
+ pull-requests: write
+ contents: write # for peter-evans/create-pull-request to create branch
 steps:
 - name: Checkout
 uses: actions/checkout@v2
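Review bot: The workflow-level `permissions:` block added at the top of createReminder.yml grants only `contents: read`, and once any scope is listed every unlisted scope drops to none, so a job that comments on or labels the triggering issue would lose `issues: write`. The jobs are outside this hunk and the commit adds no job-level block to this file; if the reminder job relies on GITHUB_TOKEN, give that job its own `permissions:` with `issues: write` (plus `pull-requests: write` if it acts on pull requests). The same applies to the identical additions in processReminders.yml and rebase.yml, where the rebase job would presumably need `contents: write` unless it pushes with a separate token.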
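Review bot: The new name `Daily Updates` in the first update.yml hunk and the comment kept above the schedule (`# At 20:20 UTC on every day-of-week from Monday through Friday.`) both disagree with the cron expression `'0 0/4 * * *'`, which fires at minute 0 of every fourth hour on every day. Since this hunk already edits the trigger block, I would correct the comment to something like `# At minute 0 of every 4th hour (UTC), every day.` and pick a workflow name that does not say daily.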
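Review bot: The job-level `pull-requests: write` and `contents: write` added in the `@@ -27,6 +21,9 @@` hunk look broader than this commit needs, because the Create Pull Request step is switched later in the same commit to `token: "${{ secrets.PR_PAT }}"` with `push-to-fork`, so the branch and the pull request are created with the PAT rather than with GITHUB_TOKEN. If no step between checkout and that one writes with GITHUB_TOKEN (those steps are outside the hunk), drop the block so the job inherits the workflow-level `contents: read`, or at least correct the trailing comment, which still says the grant is for create-pull-request to create the branch. The same block is added to the update-matrix-json job in the next hunk.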
@@ -37,23 +34,24 @@ jobs:
 - name: Create Pull Request
 if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
 id: cpr
- uses: peter-evans/create-pull-request@v3
- env:
- GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ uses: peter-evans/create-pull-request@v4
 with:
+ token: "${{ secrets.PR_PAT }}"
 commit-message: "Update the release build yaml with the latest versions"
- committer: GitHub
- author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+ committer: PwshBot
+ author: PwshBot
 title: "Update the release build yaml with the latest versions"
- assignees: travisez13
- reviewers: travisez13
 base: master
 draft: false
 branch: update-release-build
+ push-to-fork: pwshBot/PowerShell-Docker
 update-matrix-json:
 name: Update Matrix Json
 timeout-minutes: 15
 runs-on: ubuntu-20.04
+ permissions:
+ pull-requests: write
+ contents: write # for peter-evans/create-pull-request to create branch
 steps:
 - name: Checkout
 uses: actions/checkout@v2
@@ -70,16 +68,14 @@ jobs:
 - name: Create Pull Request
 if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
 id: cpr
- uses: peter-evans/create-pull-request@v3
- env:
- GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ uses: peter-evans/create-pull-request@v4
 with:
+ token: "${{ secrets.PR_PAT }}"
 commit-message: "Update the matrix json"
- committer: GitHub
- author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+ committer: PwshBot
+ author: PwshBot
 title: "Update the matrix json"
- assignees: travisez13
- reviewers: travisez13
 base: master
 draft: false
 branch: update-matrix-json
+ push-to-fork: pwshBot/PowerShell-Docker
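Review bot: `committer: PwshBot` and `author: PwshBot` in the release-build step have no e-mail part; as far as I know peter-evans/create-pull-request expects both inputs in `Display Name <email@address>` form and fails the step on anything else. I would write them as `committer: PwshBot <BOT_NOREPLY_EMAIL>` and `author: PwshBot <BOT_NOREPLY_EMAIL>`, with the placeholder replaced by the bot account's address. The matrix-json step in the following hunk has the same two lines.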
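Review bot: `uses: peter-evans/create-pull-request@v4` references a mutable tag on a third-party action that is now handed `secrets.PR_PAT`, so whatever the tag points to at run time receives a long-lived credential. Pin it to a reviewed commit, e.g. `uses: peter-evans/create-pull-request@<FULL_COMMIT_SHA> # v4`, here and in the release-build step of the previous hunk. It would also help to add a comment beside the `token:` line stating that PR_PAT is expected to be scoped to the pwshBot fork and to pull-request creation only.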