diff --git a/.github/workflows/dispatch-ci.yml b/.github/workflows/dispatch-ci.yml index b9944c60d..f805c7509 100644 --- a/.github/workflows/dispatch-ci.yml +++ b/.github/workflows/dispatch-ci.yml @@ -5,12 +5,17 @@ on: schedule: - cron: '20 11 * * 2,3' +permissions: {} + jobs: dispatch-ci: name: Dispatch CI # Only run cron on the silverstripe account if: (github.event_name == 'schedule' && github.repository_owner == 'silverstripe') || (github.event_name != 'schedule') runs-on: ubuntu-latest + permissions: + contents: read + actions: write steps: - name: Dispatch CI uses: silverstripe/gha-dispatch-ci@v1 diff --git a/.github/workflows/keepalive.yml b/.github/workflows/keepalive.yml index c6f190ff0..346567650 100644 --- a/.github/workflows/keepalive.yml +++ b/.github/workflows/keepalive.yml @@ -6,12 +6,16 @@ on: - cron: '30 6 11 * *' workflow_dispatch: +permissions: {} + jobs: keepalive: name: Keepalive # Only run cron on the silverstripe account if: (github.event_name == 'schedule' && github.repository_owner == 'silverstripe') || (github.event_name != 'schedule') runs-on: ubuntu-latest + permissions: + actions: write steps: - name: Keepalive uses: silverstripe/gha-keepalive@v1 diff --git a/.github/workflows/merge-up.yml b/.github/workflows/merge-up.yml index 3a86b1d79..baa865559 100644 --- a/.github/workflows/merge-up.yml +++ b/.github/workflows/merge-up.yml @@ -6,12 +6,18 @@ on: - cron: '20 11 * * 6' workflow_dispatch: +permissions: {} + jobs: merge-up: name: Merge-up # Only run cron on the silverstripe account if: (github.event_name == 'schedule' && github.repository_owner == 'silverstripe') || (github.event_name != 'schedule') runs-on: ubuntu-latest + permissions: + contents: write + actions: write + pull-requests: write steps: - name: Merge-up uses: silverstripe/gha-merge-up@v1 diff --git a/.github/workflows/update-js.yml b/.github/workflows/update-js.yml index 859370b02..efb8da3b3 100644 --- a/.github/workflows/update-js.yml +++ b/.github/workflows/update-js.yml @@ -6,6 +6,8 @@ on: schedule: - cron: '30 6 1 */3 *' +permissions: {} + jobs: update-js: name: Update JS