From b69b87255575c36e8c9e7e472b528dc3cafc48ad Mon Sep 17 00:00:00 2001 From: shahar-h Date: Fri, 19 Apr 2024 05:29:24 +0300 Subject: [PATCH] ci: move write permissions to job level in cherrypick workflow (#3219) Signed-off-by: Shahar Harari --- .github/workflows/cherrypick.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cherrypick.yaml b/.github/workflows/cherrypick.yaml index cbceef0cb9e..32fa2cf2a5b 100644 --- a/.github/workflows/cherrypick.yaml +++ b/.github/workflows/cherrypick.yaml @@ -6,11 +6,13 @@ on: types: ["closed"] permissions: - pull-requests: write - contents: write + contents: read jobs: cherry_pick_release_v1_0: + permissions: + pull-requests: write + contents: write runs-on: ubuntu-22.04 name: Cherry pick into release-v1.0 if: ${{ contains(github.event.pull_request.labels.*.name, 'cherrypick/release-v1.0') && github.event.pull_request.merged == true }}