diff --git a/.github/workflows/ci_file_health.yaml b/.github/workflows/ci_file_health.yaml index a46290f53..eb151513c 100644 --- a/.github/workflows/ci_file_health.yaml +++ b/.github/workflows/ci_file_health.yaml @@ -2,6 +2,8 @@ name: CI - File health on: [pull_request, push] +permissions: {} + concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: ${{ github.head_ref != '' }} diff --git a/.github/workflows/ci_macos.yaml b/.github/workflows/ci_macos.yaml index d15af6157..9559d5daa 100644 --- a/.github/workflows/ci_macos.yaml +++ b/.github/workflows/ci_macos.yaml @@ -2,6 +2,9 @@ name: CI - macOS on: [pull_request, push] +permissions: + actions: write + concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: ${{ github.head_ref != '' }} diff --git a/.github/workflows/ci_ubuntu.yaml b/.github/workflows/ci_ubuntu.yaml index 053077ef4..fb522bb8a 100644 --- a/.github/workflows/ci_ubuntu.yaml +++ b/.github/workflows/ci_ubuntu.yaml @@ -2,6 +2,9 @@ name: CI - Ubuntu on: [pull_request, push] +permissions: + actions: write + concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: ${{ github.head_ref != '' }} diff --git a/.github/workflows/ci_webui.yaml b/.github/workflows/ci_webui.yaml index 18d0e985c..335cfe6ad 100644 --- a/.github/workflows/ci_webui.yaml +++ b/.github/workflows/ci_webui.yaml @@ -2,6 +2,8 @@ name: CI - WebUI on: [pull_request, push] +permissions: {} + concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: ${{ github.head_ref != '' }} diff --git a/.github/workflows/ci_windows.yaml b/.github/workflows/ci_windows.yaml index bca52a8e1..611c1cc2a 100644 --- a/.github/workflows/ci_windows.yaml +++ b/.github/workflows/ci_windows.yaml @@ -2,6 +2,9 @@ name: CI - Windows on: [pull_request, push] +permissions: + actions: write + concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: ${{ github.head_ref != '' }} diff --git a/.github/workflows/coverity-scan.yml b/.github/workflows/coverity-scan.yml index ad243a915..22fbc478e 100644 --- a/.github/workflows/coverity-scan.yml +++ b/.github/workflows/coverity-scan.yml @@ -5,6 +5,8 @@ on: - cron: '0 0 1 * *' # Monthly (1st day of month at midnight) workflow_dispatch: # Mainly for testing. Don't forget the Coverity usage limits. +permissions: {} + jobs: coverity_scan: name: Scan diff --git a/.github/workflows/stale_bot.yaml b/.github/workflows/stale_bot.yaml index 4cb991b87..93fad6070 100644 --- a/.github/workflows/stale_bot.yaml +++ b/.github/workflows/stale_bot.yaml @@ -4,6 +4,9 @@ on: schedule: - cron: '0 0 * * *' +permissions: + pull-requests: write + jobs: stale: runs-on: ubuntu-latest