diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3476cf7..08aa0ac 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,6 +7,9 @@ on: branches: - main +permissions: + contents: read + jobs: ci: runs-on: ubuntu-latest diff --git a/.github/workflows/pr_title.yml b/.github/workflows/pr_title.yml index 1db6484..fb72636 100644 --- a/.github/workflows/pr_title.yml +++ b/.github/workflows/pr_title.yml @@ -7,6 +7,9 @@ on: - edited - synchronize +permissions: + pull-requests: read + jobs: main: name: Validate PR title @@ -41,7 +44,7 @@ jobs: # special "[WIP]" prefix to indicate this state. This will avoid the # validation of the PR title and the pull request checks remain pending. # Note that a second check will be reported if this is enabled. - wip: true + wip: false # When using "Squash and merge" on a PR with only one commit, GitHub # will suggest using that commit message instead of the PR title for the # merge commit, and it's easy to commit this by mistake. Enable this option diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index ff4aeb3..0df05c8 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -4,6 +4,9 @@ on: tags: - "v*.*.*" +permissions: + contents: read + jobs: publish: name: Publish to npm diff --git a/.github/workflows/regen.yml b/.github/workflows/regen.yml index 609935c..2f8ef09 100644 --- a/.github/workflows/regen.yml +++ b/.github/workflows/regen.yml @@ -4,6 +4,9 @@ on: - cron: "0 8 * * *" workflow_dispatch: +permissions: + contents: read + jobs: regen: timeout-minutes: 30 diff --git a/.github/workflows/release_pr.yml b/.github/workflows/release_pr.yml index a431fe5..5cbe3ae 100644 --- a/.github/workflows/release_pr.yml +++ b/.github/workflows/release_pr.yml @@ -4,6 +4,9 @@ on: branches: - main +permissions: + contents: read + jobs: release-please: runs-on: ubuntu-latest