Add permissions

jsoref · jsoref · commit f3a70079c6a3 · 2024-02-09T00:36:44.000-05:00
diff --git a/.github/workflows/add_to_octokit_project.yml b/.github/workflows/add_to_octokit_project.yml
@@ -6,6 +6,10 @@ on:
   pull_request_target:
     types: [reopened, opened]
 
+permissions:
+  issues: write
+  pull-requests: write
+
 jobs:
   add-to-project:
     name: Add issue to project
@@ -14,7 +18,7 @@ jobs:
     steps:
       - uses: actions/add-to-project@v0.5.0
         with:
-          project-url: https://github.com/orgs/octokit/projects/10
-          github-token: ${{ secrets.OCTOKITBOT_PROJECT_ACTION_TOKEN }}
+          project-url: ${{ secrets.OCTOKITBOT_PROJECT_ACTION_TOKEN && 'https://github.com/orgs/octokit/projects/10' || '' }}
+          github-token: ${{ secrets.OCTOKITBOT_PROJECT_ACTION_TOKEN || github.token }}
           labeled: "Status: Stale"
           label-operator: NOT
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -10,6 +10,11 @@ on:
   schedule:
     - cron: '0 13 * * 5'
 
+permissions:
+  contents: read
+  actions: read
+  security-events: write
+
 jobs:
   CodeQL-Build:
 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -6,6 +6,10 @@ name: Release
       - next
       - beta
       - "*.x"
+
+permissions:
+  contents: read
+
 jobs:
   release:
     name: release
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -8,6 +8,10 @@ name: Test
     types:
       - opened
       - synchronize
+
+permissions:
+  contents: read
+
 jobs:
   test_matrix:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/update-prettier.yml b/.github/workflows/update-prettier.yml
@@ -3,6 +3,10 @@ name: Update Prettier
   push:
     branches:
       - renovate/prettier-*
+
+permissions:
+  contents: read
+
 jobs:
   update_prettier:
     runs-on: ubuntu-latest
