Merge pull request #765 from Adyen/set-workflow-permissions

gcatanese · web-flow · commit 1da97f477c1d · 2025-05-21T09:43:45.000+02:00
Vulnerability fix: set workflow permissions
diff --git a/.github/workflows/label_new_issues.yml b/.github/workflows/label_new_issues.yml
@@ -3,6 +3,9 @@ on:
   issues:
     types: [opened]
 
+permissions:
+  issues: write
+  
 jobs:
   add-label:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -11,6 +11,9 @@ on:
       - develop
   workflow_dispatch: {}
 
+permissions:
+  contents: read  
+
 jobs:
   php-test:
     name: PHP Test
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -3,6 +3,9 @@ on:
   schedule:
     - cron: '30 8 * * *'
 
+permissions:
+  issues: write
+  
 jobs:
   stale:
     runs-on: ubuntu-latest
@@ -24,4 +27,4 @@ jobs:
           days-before-pr-close: 30
           exempt-pr-labels: 'do not stale'
           only-pr-labels: awaiting-changes,blocked,work-in-progress,awaiting-upstream
-          remove-pr-stale-when-updated: true
+          remove-pr-stale-when-updated: true
