Skip to content

Commit 3d76f81

Browse files
committed
fix(ci): grant write permissions required by auto-merge, quality-report, and CodeQL
- auto-merge.yml: pull-requests write for pulls.merge - quality-gate.yml: job-level pull-requests write for PR comments - sast.yml: security-events write for CodeQL SARIF upload
1 parent 2569b38 commit 3d76f81

3 files changed

Lines changed: 5 additions & 1 deletion

File tree

.github/workflows/auto-merge.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
name: Auto Merge
22
permissions:
33
contents: read
4-
pull-requests: read
4+
pull-requests: write
55

66
on:
77
pull_request:

.github/workflows/quality-gate.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -141,6 +141,9 @@ jobs:
141141
needs: [unit-tests, e2e-tests, integration-tests, fr-annotation-check]
142142
if: always()
143143
runs-on: ubuntu-24.04
144+
permissions:
145+
contents: read
146+
pull-requests: write
144147
steps:
145148
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.1.1
146149

.github/workflows/sast.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@ name: Security (SAST)
22
permissions:
33
contents: read
44
pull-requests: read
5+
security-events: write
56
on:
67
push:
78
branches: [main, develop]

0 commit comments

Comments
 (0)