Original file line number Diff line number Diff line change @@ -2,6 +2,8 @@ name: 'Build w/ React18 & 19'
22
33on :
44 workflow_call :
5+ permissions :
6+ contents : read
57
68jobs :
79 build :
Original file line number Diff line number Diff line change @@ -3,6 +3,10 @@ name: 'chromatic'
33on :
44 push :
55 workflow_dispatch :
6+ permissions :
7+ contents : read
8+ pull-requests : write # Chromatic posts PR comments
9+ statuses : write # Chromatic posts commit statuses
610
711jobs :
812 chromatic :
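Review bot: The two write scopes are granted at workflow level, so every job in this workflow receives `pull-requests: write` and `statuses: write`, not only the one that runs Chromatic. Other files in this commit put such grants on the job itself (for example `check-bundle-size`), and doing the same here keeps any job added later read-only. I would keep `contents: read` at the top and move the two write lines under `chromatic:`. The job body is outside the hunk, so confirm it has no `permissions` key of its own, which would replace the workflow-level block for that job.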
Original file line number Diff line number Diff line change 1313 - ' examples/**/*'
1414 - ' templates/**/*'
1515 - ' patterns/navigation-layout/**/*'
16+ permissions :
17+ contents : read
1618
1719jobs :
1820 examples :
Original file line number Diff line number Diff line change 1717jobs :
1818 reuse-compliance :
1919 runs-on : ubuntu-latest
20+ permissions :
21+ contents : read
2022 steps :
2123 - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2224
2628 check-bundle-size :
2729 if : ${{ github.base_ref == 'main' }} # only for PRs targeting main branch
2830 runs-on : ubuntu-latest
31+ permissions :
32+ contents : read
33+ pull-requests : write # compressed-size-action posts PR comments
2934 steps :
3035 - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3136
@@ -37,14 +42,22 @@ jobs:
3742 clean-script : ' clean:remove-modules'
3843
3944 build :
45+ permissions :
46+ contents : read
4047 uses : ' ./.github/workflows/build.yml'
4148
4249 test :
4350 needs : ['build']
51+ permissions :
52+ contents : read
53+ pull-requests : write # coveralls posts coverage status
54+ checks : write # coveralls creates check runs
4455 uses : ' ./.github/workflows/test.yml'
4556
4657 lint :
4758 runs-on : ubuntu-latest
59+ permissions :
60+ contents : read
4861 env :
4962 CYPRESS_INSTALL_BINARY : 0
5063 steps :
6679 deploy-next-docs :
6780 needs : ['build']
6881 runs-on : ubuntu-latest
82+ permissions :
83+ contents : write # pushes to gh-pages branch
6984 env :
7085 CYPRESS_INSTALL_BINARY : 0
7186 steps :
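Review bot: Every job visible in this file now carries its own block, but no workflow-level default is visible, so a job added later without a `permissions` key falls back to the repository's default token permissions. Adding `permissions: {}` above `jobs:` makes the default empty and leaves the per-job grants as the only source of access. The top of the file and the lines between `lint` and `deploy-next-docs` are outside the hunks, so confirm that no default or unscoped job already exists there. `deploy-next-docs` keeps `contents: write`; any condition on it is not shown, and since `check-bundle-size` implies this workflow also runs for pull requests, it is worth checking that the deploy job cannot.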
Original file line number Diff line number Diff line change 77 schedule :
88 - cron : ' 12 3 * * *'
99 workflow_dispatch :
10+ permissions :
11+ contents : read
1012
1113jobs :
1214 piper-oss :
Original file line number Diff line number Diff line change @@ -2,6 +2,9 @@ name: 'Issue Comments'
22
33on :
44 workflow_dispatch :
5+ # All write operations use secrets.ACCESS_TOKEN (PAT), not GITHUB_TOKEN
6+ permissions :
7+ contents : read
58
69jobs :
710 issue-comment :
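Review bot: The added comment explains why only `contents: read` is listed, but it should also state that this block limits GITHUB_TOKEN only; what the job can write is decided by the scopes of `secrets.ACCESS_TOKEN`. I would extend it to something like `# Writes use secrets.ACCESS_TOKEN (PAT); its scopes are set on the token itself, not by this block`. If that PAT is a classic token, replacing it with a fine-grained one limited to this repository and to issue and pull-request writes would match the least-privilege intent of the commit. The job steps are outside the hunk.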
Original file line number Diff line number Diff line change 1414
1515jobs :
1616 test :
17+ permissions :
18+ contents : read
1719 uses : ' ./.github/workflows/test.yml'
1820 with :
1921 reportCoverage : false
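Review bot: This caller grants only `contents: read`, while the last file in this commit, which looks like the `test.yml` being called (boolean input, coveralls comments), declares `pull-requests: write` and `checks: write` at workflow level. A called workflow cannot request more than its caller grants; GitHub checks this when the run starts and, as far as I know, rejects it with a "nested job is requesting … but is only allowed …" error, independent of `reportCoverage: false`. The `test` job in the next file has the same block. Either grant the two write scopes here as the main workflow's `test` job does, or move coverage reporting out of the reusable workflow so that it needs only `contents: read`.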
Original file line number Diff line number Diff line change 2727jobs :
2828 build :
2929 if : ${{ github.event.inputs.publish_only != 'true' }}
30+ permissions :
31+ contents : read
3032 uses : ' ./.github/workflows/build.yml'
3133
3234 test :
3335 if : ${{ github.event.inputs.publish_only != 'true' }}
3436 needs : ['build']
37+ permissions :
38+ contents : read
3539 uses : ' ./.github/workflows/test.yml'
3640 with :
3741 reportCoverage : false
Original file line number Diff line number Diff line change @@ -3,6 +3,9 @@ name: Mark and close stale issues
33on :
44 schedule :
55 - cron : ' 30 1 * * *'
6+ permissions :
7+ issues : write # Label, comment, and close stale issues
8+ pull-requests : write # Label, comment, and close stale PRs
69
710jobs :
811 stale :
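Review bot: Listing only `issues` and `pull-requests` sets every other scope to `none`, including `contents` and `actions`. The steps are outside the hunk; if the job runs `actions/stale`, check two things against the version in use: recent releases persist state between runs through the Actions cache and document `actions: write` for it, and the `delete-branch` option needs `contents: write`. If neither applies, the block is fine as written, and a short comment saying so would save the next reader the same check.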
Original file line number Diff line number Diff line change 77 default : true
88 type : boolean
99 required : false
10+ permissions :
11+ contents : read
12+ pull-requests : write # coveralls posts coverage status
13+ checks : write # coveralls creates check runs
1014
1115jobs :
1216 mcp-server :
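Review bot: The write scopes sit at workflow level, so they apply to every job in this file, starting with `mcp-server`, whether or not that job reports coverage. If only one job runs the coveralls step, keep `contents: read` here and put `pull-requests: write` and `checks: write` on that job. The job bodies are outside the hunk, so which job that is cannot be told from here.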