From 65c8e9e24aec4e90a52319956e062ae7640fec34 Mon Sep 17 00:00:00 2001
From: Vijayakumar A <36878324+kumvijaya@users.noreply.github.com>
Date: Sun, 19 May 2024 00:27:03 +0530
Subject: T6349: updated pr-labels workflow permission (#3485)

---
 .github/workflows/add-pr-labels.yml        | 4 ++++
 .github/workflows/auto-author-assign.yml   | 2 ++
 .github/workflows/chceck-pr-message.yml    | 4 ++++
 .github/workflows/check-pr-conflicts.yml   | 1 +
 .github/workflows/check-stale.yml          | 4 ++++
 .github/workflows/check-unused-imports.yml | 8 ++++++--
 .github/workflows/label-backport.yml       | 6 +++++-
 .github/workflows/linit-j2.yml             | 4 ++++
 8 files changed, 30 insertions(+), 3 deletions(-)

(limited to '.github/workflows')

diff --git a/.github/workflows/add-pr-labels.yml b/.github/workflows/add-pr-labels.yml
index 78d619f4a..1723cceb0 100644
--- a/.github/workflows/add-pr-labels.yml
+++ b/.github/workflows/add-pr-labels.yml
@@ -9,6 +9,10 @@ on:
       - equuleus
       - sagitta
 
+permissions:
+  pull-requests: write
+  contents: read
+
 jobs:
   add-pr-label:
     uses: vyos/.github/.github/workflows/add-pr-labels.yml@feature/T6349-reusable-workflows
diff --git a/.github/workflows/auto-author-assign.yml b/.github/workflows/auto-author-assign.yml
index 1f69f4807..c3696ea47 100644
--- a/.github/workflows/auto-author-assign.yml
+++ b/.github/workflows/auto-author-assign.yml
@@ -3,8 +3,10 @@ on:
   pull_request_target:
     types: [opened, reopened, ready_for_review, locked]
 
+
 permissions:
   pull-requests: write
+  contents: read
 
 jobs:
   assign-author:
diff --git a/.github/workflows/chceck-pr-message.yml b/.github/workflows/chceck-pr-message.yml
index 95c5b69ce..e7e456961 100644
--- a/.github/workflows/chceck-pr-message.yml
+++ b/.github/workflows/chceck-pr-message.yml
@@ -8,6 +8,10 @@ on:
       - crux
       - equuleus
 
+permissions:
+  pull-requests: write
+  contents: read
+
 jobs:
   check-pr-title:
     uses: vyos/.github/.github/workflows/check-pr-message.yml@feature/T6349-reusable-workflows
diff --git a/.github/workflows/check-pr-conflicts.yml b/.github/workflows/check-pr-conflicts.yml
index 62a37a7fa..0c659e6ed 100644
--- a/.github/workflows/check-pr-conflicts.yml
+++ b/.github/workflows/check-pr-conflicts.yml
@@ -6,6 +6,7 @@ on:
 
 permissions:
   pull-requests: write
+  contents: read
 
 jobs:
   check-pr-conflict-call:
diff --git a/.github/workflows/check-stale.yml b/.github/workflows/check-stale.yml
index 0b88acdb7..b5ec533f1 100644
--- a/.github/workflows/check-stale.yml
+++ b/.github/workflows/check-stale.yml
@@ -3,6 +3,10 @@ on:
   schedule:
   - cron: "0 0 * * *"
 
+permissions:
+  pull-requests: write
+  contents: read
+
 jobs:
   stale:
     uses: vyos/.github/.github/workflows/check-stale.yml@feature/T6349-reusable-workflows
diff --git a/.github/workflows/check-unused-imports.yml b/.github/workflows/check-unused-imports.yml
index 468543d6e..aada264f7 100644
--- a/.github/workflows/check-unused-imports.yml
+++ b/.github/workflows/check-unused-imports.yml
@@ -1,11 +1,15 @@
 name: Check for unused imports using Pylint
 on:
-  pull_request_target:
+  pull_request:
     branches:
       - current
       - sagitta
+  workflow_dispatch:
+
+permissions:
+  contents: read
 
 jobs:
-  Check-Unused-Imports:
+  check-unused-imports:
     uses: vyos/.github/.github/workflows/check-unused-imports.yml@feature/T6349-reusable-workflows
     secrets: inherit
diff --git a/.github/workflows/label-backport.yml b/.github/workflows/label-backport.yml
index 581363eb1..9192b8184 100644
--- a/.github/workflows/label-backport.yml
+++ b/.github/workflows/label-backport.yml
@@ -2,7 +2,11 @@ name: Mergifyio backport
 
 on: [issue_comment]
 
+permissions:
+  pull-requests: write
+  contents: read
+
 jobs:
-  mergifyio_backport:
+  mergifyio-backport:
     uses: vyos/.github/.github/workflows/label-backport.yml@feature/T6349-reusable-workflows
     secrets: inherit
diff --git a/.github/workflows/linit-j2.yml b/.github/workflows/linit-j2.yml
index 093fe7ffe..364a65a14 100644
--- a/.github/workflows/linit-j2.yml
+++ b/.github/workflows/linit-j2.yml
@@ -8,6 +8,10 @@ on:
       - crux
       - equuleus
 
+permissions:
+  pull-requests: write
+  contents: read
+
 jobs:
   j2lint:
     uses: vyos/.github/.github/workflows/lint-j2.yml@feature/T6349-reusable-workflows
-- 
cgit v1.2.3