github: Specify required permissions for each job (#724)

bkeryan · web-flow · commit 4c3211e4a808 · 2025-05-22T09:13:34.000-05:00
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
@@ -27,4 +27,7 @@ jobs:
     name: Report test results
     uses: ./.github/workflows/report_test_results.yml
     needs: [run_unit_tests, run_system_tests]
-    if: always()
+    if: always()
+    permissions:
+      checks: write
+      pull-requests: write
diff --git a/.github/workflows/PR.yml b/.github/workflows/PR.yml
@@ -16,3 +16,6 @@ jobs:
   run_ci:
     name: Run CI
     uses: ./.github/workflows/CI.yml
+    permissions:
+      checks: write
+      pull-requests: write
diff --git a/.github/workflows/report_test_results.yml b/.github/workflows/report_test_results.yml
@@ -4,14 +4,13 @@ on:
   workflow_call:
   workflow_dispatch:
 
-permissions:
-  checks: write
-  pull-requests: write
-
 jobs:
   report_test_results:
     name: Report test results
     runs-on: ubuntu-latest
+    permissions:
+      checks: write
+      pull-requests: write
     steps:
       - name: Check out repo
         uses: actions/checkout@v4
