Skip to content

Commit

Permalink
Set top and job level permissions for janitor.yml
Browse files Browse the repository at this point in the history 
It seems that the janitor.yml workflow only needs pull-requests: write permission -- to close the PRs. I've also granted the contents: read just in case.

PiperOrigin-RevId: 561444486
  • Loading branch information
@protobuf-github-bot @copybara-github
protobuf-github-bot authored and copybara-github committed Aug 30, 2023
1 parent 403a32d commit a3dfe32
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions .github/workflows/janitor.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,15 @@ on:
- cron: 0 10 * * *
workflow_dispatch:

permissions: {}

jobs:
stale-prs:
name: Close Stale Copybara PRs
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write # to allow closing the PR
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
Expand Down

0 comments on commit a3dfe32

Please sign in to comment.