Set workflow permissions where required

This commit is contained in:
daz 2024-01-01 17:13:16 -07:00
parent a4107da76d
commit 72abd931ce
No known key found for this signature in database
4 changed files with 11 additions and 0 deletions

View file

@ -31,6 +31,8 @@ jobs:
dependency-graph:
uses: ./.github/workflows/integ-test-dependency-graph.yml
permissions:
contents: write
with:
cache-key-prefix: ${{github.run_number}}-

View file

@ -53,6 +53,8 @@ jobs:
dependency-graph:
needs: build-distribution
uses: ./.github/workflows/integ-test-dependency-graph.yml
permissions:
contents: write
with:
runner-os: '["ubuntu-latest"]'
download-dist: true

View file

@ -2,6 +2,10 @@ name: Demo adding Build Scan® comment to PR
on:
pull_request:
types: [assigned, review_requested]
permissions:
pull-requests: write
jobs:
successful-build-with-always-comment:
runs-on: ubuntu-latest

View file

@ -12,6 +12,9 @@ on:
type: boolean
default: false
permissions:
contents: write
env:
DOWNLOAD_DIST: ${{ inputs.download-dist }}
GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: dependency-graph-${{ inputs.cache-key-prefix }}