[Python-checkins] Restrict GITHUB_TOKEN permissions for the 'stale' workflow (GH-25564)
miss-islington
webhook-mailer at python.org
Fri Apr 23 18:19:03 EDT 2021
https://github.com/python/cpython/commit/481994078fbf61317fe35456e9a1b8a960e7dfa0
commit: 481994078fbf61317fe35456e9a1b8a960e7dfa0
branch: master
author: Brett Cannon <brett at python.org>
committer: miss-islington <31488909+miss-islington at users.noreply.github.com>
date: 2021-04-23T15:18:50-07:00
summary:
Restrict GITHUB_TOKEN permissions for the 'stale' workflow (GH-25564)
It should only need write-level permissions to pull requests.
files:
M .github/workflows/stale.yml
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 58c9a4f21c30f..26806fad814f1 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -4,6 +4,9 @@ on:
schedule:
- cron: "0 0 * * *"
+permissions:
+ pull-requests: write
+
jobs:
stale:
More information about the Python-checkins
mailing list