Commit 3574a09

Chore: Harden github token permissions (#1879)
1 parent b2b2f4c commit 3574a09

2 files changed

+7
-0
lines changed

.github/workflows/ci.yml

Lines changed: 2 additions & 0 deletions
@@ -432,6 +432,8 @@ jobs:
432432
with:
433433
app-id: ${{ env.GITHUB_APP_ID }}
434434
private-key: ${{ env.GITHUB_APP_PRIVATE_KEY }}
435+
permission-actions: read
436+
permission-contents: write
435437

436438
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
437439
with:
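Review bot: `permission-contents: write` at new line 436 is granted with no comment saying which later step needs write access. The only consumer visible in this hunk is the `actions/checkout` step, which on its own only reads the repository. Please add a short comment naming the step that pushes or writes with this token, as the `lapo-create-pr.yml` change does for its own scopes, or drop this to `permission-contents: read` if nothing writes.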

.github/workflows/lapo-create-pr.yml

Lines changed: 5 additions & 0 deletions
@@ -36,6 +36,11 @@ jobs:
3636
with:
3737
app-id: ${{ env.GITHUB_APP_ID }}
3838
private-key: ${{ env.GITHUB_APP_PEM }}
39+
# Permissions necessary for grafana/lapo-docs/github-actions/create-docs-update-pr
40+
permission-actions: read
41+
permission-contents: write
42+
permission-pull-requests: write
43+
permission-issues: write
3944

4045

4146
# this allows to test both with manual trigger and repository_dispatch
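Review bot: the comment at new line 39 names the consuming action but does not say which of the four scopes serves which operation, and `permission-issues: write` at new line 43 is the one a reader cannot infer from "create-docs-update-pr". Please extend the comment with one reason per scope, and remove `permission-issues: write` if the action never touches the issues API, so the token carries only what the job uses.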
