From e04f594b21f53047ce84032e59cc1fb1933072b2 Mon Sep 17 00:00:00 2001 From: XhmikosR Date: Fri, 31 Mar 2023 12:56:33 +0300 Subject: [PATCH] CI: add permissions and limit triggers to main (#1669) --- .github/workflows/release-notes.yml | 8 ++++++++ .github/workflows/test.yml | 8 ++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-notes.yml b/.github/workflows/release-notes.yml index babe51aa85..c92b0b1884 100644 --- a/.github/workflows/release-notes.yml +++ b/.github/workflows/release-notes.yml @@ -6,9 +6,17 @@ on: - main workflow_dispatch: +permissions: + contents: read + jobs: update_release_draft: + permissions: + # allow release-drafter/release-drafter to create GitHub releases and add labels to PRs + contents: write + pull-requests: write runs-on: ubuntu-latest + if: github.repository == 'twbs/icons' steps: - uses: release-drafter/release-drafter@v5 env: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 94ca5886c9..493a4df487 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -2,8 +2,9 @@ name: Tests on: push: - branches-ignore: - - "dependabot/**" + branches: + - main + - "!dependabot/**" pull_request: workflow_dispatch: @@ -11,6 +12,9 @@ env: FORCE_COLOR: 2 NODE: 18 +permissions: + contents: read + jobs: test: runs-on: ubuntu-latest