From f6687bb1e61f49f0dd7e312ac2f6e213ea9fea8c Mon Sep 17 00:00:00 2001 From: David Knaack Date: Tue, 26 May 2026 13:29:05 +0200 Subject: [PATCH 1/2] chore: [Fix] Set explicit workflow permissions --- .github/workflows/build_documentation.yml | 5 +++++ .github/workflows/release.yml | 4 ++++ 2 files changed, 9 insertions(+) diff --git a/.github/workflows/build_documentation.yml b/.github/workflows/build_documentation.yml index adc30b18c4..1084fa4353 100644 --- a/.github/workflows/build_documentation.yml +++ b/.github/workflows/build_documentation.yml @@ -4,9 +4,14 @@ on: pull_request: branches: [main] +permissions: {} + jobs: checks: runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: read steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7b3bec93ba..d50b98156e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,9 +5,13 @@ on: branches: [main] workflow_dispatch: +permissions: {} + jobs: release: runs-on: ubuntu-latest + permissions: + contents: write steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 From 8615ee5dfbebe8bf6eb96c6c36875a4b5d1d4a88 Mon Sep 17 00:00:00 2001 From: David Knaack Date: Wed, 27 May 2026 10:36:30 +0200 Subject: [PATCH 2/2] chore: Handle reviewdog --- .github/workflows/build_documentation.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_documentation.yml b/.github/workflows/build_documentation.yml index 1084fa4353..c848040bb1 100644 --- a/.github/workflows/build_documentation.yml +++ b/.github/workflows/build_documentation.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest permissions: contents: read - pull-requests: read + pull-requests: write # for reviewdog/vale steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2