Merge pull request #9739 from reasonerjt/update-actions-permissions

Lyndon-Li · web-flow · commit 2d6865d6e50a · 2026-04-22T08:26:52.000+08:00
Set permissions to the actions
diff --git a/.github/workflows/auto_assign_prs.yml b/.github/workflows/auto_assign_prs.yml
@@ -7,6 +7,10 @@ on:
   pull_request_target:
     types: [opened, reopened, ready_for_review]
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   # Automatically assigns reviewers and owner
   add-reviews:
@@ -16,4 +20,3 @@ jobs:
         uses: kentaro-m/auto-assign-action@v2.0.0
         with:
           configuration-path: ".github/auto-assignees.yml"
-          repo-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/auto_label_prs.yml b/.github/workflows/auto_label_prs.yml
@@ -8,12 +8,15 @@ on:
   pull_request_target:
     types: [opened, reopened, synchronize, ready_for_review]
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   # Automatically labels PRs based on file globs in the change.
   triage:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/labeler@v5
         with:
-          repo-token: "${{ secrets.GITHUB_TOKEN }}"
           configuration-path: .github/labeler.yml
diff --git a/.github/workflows/auto_request_review.yml b/.github/workflows/auto_request_review.yml
@@ -5,6 +5,10 @@ on:
   pull_request_target:
     types: [opened, ready_for_review, reopened]
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   auto-request-review:
     name: Auto Request Review
@@ -13,5 +17,4 @@ jobs:
       - name: Request a PR review based on files types/paths, and/or groups the author belongs to
         uses: necojackarc/auto-request-review@v0.13.0
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
           config: .github/auto-assignees.yml
