Merge pull request #896 from krakend/add_workflows_permissions

Add permissions to label workflows
krakend · Jul 2, 2024 · 1de5eca · 1de5eca
2 parents 21768ff + 0d7076d
commit 1de5eca
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 6 deletions.
diff --git a/.github/workflows/default.yml b/.github/workflows/default.yml
@@ -4,6 +4,6 @@ on:
 name: Issue and PR hygiene
 jobs:
   stale:
-    uses: krakendio/.github/.github/workflows/stale.yml@main
+    uses: krakend/.github/.github/workflows/stale.yml@main
   lock-threads:
-    uses: krakendio/.github/.github/workflows/lock-threads.yml@main
+    uses: krakend/.github/.github/workflows/lock-threads.yml@main
diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml
@@ -6,4 +6,7 @@ on:
     types: [labeled, unlabeled]
 jobs:
   stale:
-    uses: krakendio/.github/.github/workflows/label-commenter.yml@main
+    uses: krakend/.github/.github/workflows/label-commenter.yml@main
+    permissions:
+      issues: write
+      pull-requests: write
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -16,10 +16,15 @@ jobs:
   security-repo-scan:
     name: security-repo-scan
     runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      actions: read
+      contents: read
+
     steps:
-      - name: Checkout 
+      - name: Checkout
         uses: actions/checkout@v3
-      
+
       - name: Run Trivy vulnerability scanner in repo mode
         uses: aquasecurity/trivy-action@master
         with:
@@ -46,7 +51,7 @@ jobs:
             dockerfile: Dockerfile
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout 
+      - name: Checkout
         uses: actions/checkout@v3
 
       - name: Set the environment variables