Potential fix for code scanning alert no. 1: Workflow does not contain permissions (#4274)

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: jiaren-wu <190862939+jiaren-wu@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-12-10 11:41:27 +00:00 · 2025-10-13 11:08:35 -07:00
parent 71ebdd9d3c
commit 6e46b42bf4
2 changed files with 8 additions and 0 deletions
--- a/.github/workflows/arc-update-runners-scheduled.yaml
+++ b/.github/workflows/arc-update-runners-scheduled.yaml
@@ -1,6 +1,9 @@
 # This workflows polls releases from actions/runner and in case of a new one it
 # updates files containing runner version and opens a pull request.
 name: Runner Updates Check (Scheduled Job)
+permissions:
+  pull-requests: write
+  contents: write

 on:
  schedule:
--- a/.github/workflows/global-run-first-interaction.yaml
+++ b/.github/workflows/global-run-first-interaction.yaml
@@ -1,5 +1,10 @@
 name: First Interaction

+permissions:
+  contents: read
+  issues: write
+  pull-requests: write
+
 on:
  issues:
    types: [opened]