Merge pull request #81 from ansible-lockdown/pub_welcome

frederickw082922 · web-flow · commit 6d8406f09c75 · 2025-10-16T10:19:31.000-04:00
updated workflow permissions
diff --git a/.github/workflows/devel_pipeline_validation.yml b/.github/workflows/devel_pipeline_validation.yml
@@ -17,19 +17,17 @@
     # Allow manual running of workflow
     workflow_dispatch:
 
-  # Allow permissions for AWS auth
-  permissions:
-    id-token: write
-    contents: read
-    pull-requests: read
-
   # A workflow run is made up of one or more jobs
   # that can run sequentially or in parallel
   jobs:
     # This will create messages for first time contributers and direct them to the Discord server
     welcome:
       runs-on: ubuntu-latest
 
+      permissions:
+        issues: write
+        pull-requests: write
+
       steps:
         - uses: actions/first-interaction@main
           with:
@@ -45,6 +43,13 @@
     playbook-test:
       # The type of runner that the job will run on
       runs-on: self-hosted
+
+      # Allow permissions for AWS auth
+      permissions:
+        id-token: write
+        contents: read
+        pull-requests: read
+
       env:
         ENABLE_DEBUG: ${{ vars.ENABLE_DEBUG }}
         # Imported as a variable by terraform
