From c8556bda1854e345faed020a5190a3ec0f86145b Mon Sep 17 00:00:00 2001 From: Varun Sharma Date: Wed, 24 Aug 2022 16:05:17 -0700 Subject: [GitHub][workflows] Add minimum GitHub token permissions Signed-off-by: Varun Sharma --- .github/workflows/documentation-creation.yml | 3 +++ .github/workflows/gh-action-weblate-upload.yml | 3 +++ .github/workflows/sync-addon-metadata-translations.yml | 6 ++++++ 3 files changed, 12 insertions(+) (limited to '.github') diff --git a/.github/workflows/documentation-creation.yml b/.github/workflows/documentation-creation.yml index ffb41c5286..7daef47402 100644 --- a/.github/workflows/documentation-creation.yml +++ b/.github/workflows/documentation-creation.yml @@ -4,6 +4,9 @@ on: push: branches: [ master, main, Matrix, Leia ] +permissions: + contents: read + jobs: build: if: github.repository == 'xbmc/xbmc' diff --git a/.github/workflows/gh-action-weblate-upload.yml b/.github/workflows/gh-action-weblate-upload.yml index 6f7419edcb..05b8e34038 100644 --- a/.github/workflows/gh-action-weblate-upload.yml +++ b/.github/workflows/gh-action-weblate-upload.yml @@ -9,6 +9,9 @@ on: paths: - "addons/resource.language.en_gb/resources/strings.po" - ".github/workflows/gh-action-weblate-upload.yml" +permissions: + contents: read + jobs: weblate: if: github.repository == 'xbmc/xbmc' diff --git a/.github/workflows/sync-addon-metadata-translations.yml b/.github/workflows/sync-addon-metadata-translations.yml index a33becfbb9..5807a0209c 100644 --- a/.github/workflows/sync-addon-metadata-translations.yml +++ b/.github/workflows/sync-addon-metadata-translations.yml @@ -15,8 +15,14 @@ on: - '**screensaver.xbmc.builtin.dim**addon.xml' - '**screensaver.xbmc.builtin.dim**resource.language.**strings.po' +permissions: + contents: read + jobs: default: + permissions: + contents: write # for peter-evans/create-pull-request to create branch + pull-requests: write # for peter-evans/create-pull-request to create a PR if: github.repository == 'xbmc/xbmc' runs-on: ubuntu-latest -- cgit v1.2.3