Merge pull request #122 from 1Password/eddy/improve-workflows-permissions

edif2008 · web-flow · commit 1c586d3e2828 · 2025-07-15T16:05:34.000+02:00
Improve workflow permissions
diff --git a/.github/workflows/pr-check-signed-commits.yml b/.github/workflows/pr-check-signed-commits.yml
@@ -1,12 +1,14 @@
 name: Check signed commits in PR
+
 on: pull_request_target
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   build:
     name: Check signed commits in PR
-    permissions:
-      contents: read
-      pull-requests: write
     runs-on: ubuntu-latest
     steps:
       - name: Check signed commits in PR
diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml
@@ -1,8 +1,12 @@
+name: Open Release PR for review
+
 on:
   create:
     branches:
 
-name: Open Release PR for review
+permissions:
+  contents: read
+  pull-requests: write
 
 jobs:
   # This job is necessary because GitHub does not (yet) support
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -5,6 +5,9 @@ on:
     branches: main
     types: closed
 
+permissions:
+  contents: write
+
 jobs:
   release:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -1,11 +1,13 @@
 name: Tests
-permissions:
-  contents: read
+
 on:
   push:
     branches: main
   pull_request:
 
+permissions:
+  contents: read
+
 jobs:
   test:
     name: Test
