3
0
Fork 0
forked from mirrors/nixpkgs

.github/workflows: fix permissions

the merge actions comment on pull requests, seems this was broken by 2c71278a23

also:
- fix permissions on new manual rendering action
- drop unnecessary issues permission from the terraform action
This commit is contained in:
zowoq 2022-09-11 17:01:47 +10:00
parent 88199c6df9
commit bbe49339b8
4 changed files with 4 additions and 5 deletions

View file

@ -13,7 +13,7 @@ permissions:
jobs:
check-rendering-equivalence:
permissions:
issues: write # for peter-evans/create-or-update-comment to create or update comment
pull-requests: write # for peter-evans/create-or-update-comment to create or update comment
if: github.repository_owner == 'NixOS'
runs-on: ubuntu-latest
steps:

View file

@ -21,7 +21,7 @@ jobs:
periodic-merge:
permissions:
contents: write # for devmasx/merge-branch to merge branches
issues: write # for peter-evans/create-or-update-comment to create or update comment
pull-requests: write # for peter-evans/create-or-update-comment to create or update comment
if: github.repository_owner == 'NixOS'
runs-on: ubuntu-latest
strategy:

View file

@ -21,7 +21,7 @@ jobs:
periodic-merge:
permissions:
contents: write # for devmasx/merge-branch to merge branches
issues: write # for peter-evans/create-or-update-comment to create or update comment
pull-requests: write # for peter-evans/create-or-update-comment to create or update comment
if: github.repository_owner == 'NixOS'
runs-on: ubuntu-latest
strategy:

View file

@ -12,8 +12,7 @@ jobs:
tf-providers:
permissions:
contents: write # for peter-evans/create-pull-request to create branch
issues: write # for peter-evans/create-or-update-comment to create or update comment
pull-requests: write # for peter-evans/create-pull-request to create a PR
pull-requests: write # for peter-evans/create-pull-request to create a PR, for peter-evans/create-or-update-comment to create or update comment
if: github.repository_owner == 'NixOS' && github.ref == 'refs/heads/master' # ensure workflow_dispatch only runs on master
runs-on: ubuntu-latest
steps: