fix: (#422) add missing job permissions out of convenience reasons

.github/workflows/actions_template_sync.yml

@@ -10,6 +10,9 @@ on:
 jobs:
  repo-sync:
  runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
 
  steps:
  # To use this repository's private action, you must check out the repository

.github/workflows/release.yml

@@ -13,6 +13,9 @@ jobs:
  call_test_all:
  uses: ./.github/workflows/test_all.yml
  secrets: inherit
+ permissions:
+ contents: write
+ pull-requests: write
  call_release_please:
  needs:
  - call_shellcheck

.github/workflows/test.yml

@@ -11,7 +11,9 @@ on:
 jobs:
  test-implementation-job:
  runs-on: ubuntu-latest
-
+ permissions:
+ contents: write
+ pull-requests: write
  steps:
  # To use this repository's private action, you must check out the repository
  - name: Checkout

.github/workflows/test_all.yml

@@ -12,12 +12,24 @@ jobs:
  call_test_hooks:
  uses: ./.github/workflows/test_hooks.yml
  secrets: inherit
+ permissions:
+ contents: write
+ pull-requests: write
  call_test_ssh_gitlab:
  uses: ./.github/workflows/test_ssh_gitlab.yml
  secrets: inherit
+ permissions:
+ contents: write
+ pull-requests: write
  call_test_ssh:
  uses: ./.github/workflows/test_ssh.yml
  secrets: inherit
+ permissions:
+ contents: write
+ pull-requests: write
  call_test:
  uses: ./.github/workflows/test.yml
  secrets: inherit
+ permissions:
+ contents: write
+ pull-requests: write

.github/workflows/test_hooks.yml

@@ -11,7 +11,9 @@ on:
 jobs:
  test-implementation-job:
  runs-on: ubuntu-latest
-
+ permissions:
+ contents: write
+ pull-requests: write
  steps:
  # To use this repository's private action, you must check out the repository
  - name: Checkout

.github/workflows/test_ssh.yml

@@ -11,7 +11,9 @@ on:
 jobs:
  test-implementation-job:
  runs-on: ubuntu-latest
-
+ permissions:
+ contents: write
+ pull-requests: write
  steps:
  # To use this repository's private action, you must check out the repository
  - name: Checkout

.github/workflows/test_ssh_gitlab.yml

@@ -11,7 +11,9 @@ on:
 jobs:
  test-implementation-job:
  runs-on: ubuntu-latest
-
+ permissions:
+ contents: write
+ pull-requests: write
  steps:
  # To use this repository's private action, you must check out the repository
  - name: Checkout

README.md

@@ -79,6 +79,10 @@ on:
 jobs:
  repo-sync:
  runs-on: ubuntu-latest
+ # https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
+ permissions:
+ contents: write
+ pull-requests: write
 
  steps:
  # To use this repository's private action, you must check out the repository
@@ -89,9 +93,6 @@ jobs:
 
  - name: actions-template-sync
  uses: AndreasAugustin/actions-template-sync@v1.1.8
- permissions:
- content: write
- pull-requests: write
  with:
  github_token: ${{ secrets.GITHUB_TOKEN }}
  source_repo_path: <owner/repo>
@@ -152,6 +153,10 @@ It is also possible to use a different git provider, e.g. GitLab.
 jobs:
  repo-sync:
  runs-on: ubuntu-latest
+ # https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
+ permissions:
+ contents: write
+ pull-requests: write
 
  steps:
  # To use this repository's private action, you must check out the repository
@@ -162,9 +167,6 @@ jobs:
 
  - name: actions-template-sync
  uses: AndreasAugustin/actions-template-sync@v1.1.8
- permissions:
- content: write
- pull-requests: write
  with:
  github_token: ${{ secrets.GITHUB_TOKEN }}
  source_repo_path: ${{ secrets.SOURCE_REPO_PATH }} # <owner/repo>, should be within secrets