This is an automated email from the ASF dual-hosted git repository.
hainenber pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git
The following commit(s) were added to refs/heads/master by this push:
new a87a006aaeb ci: declare explicit permissions in maintenance workflows
(#38159)
a87a006aaeb is described below
commit a87a006aaeb442c8676886dfba9f2c1419abe1fa
Author: Rohan Santhosh <[email protected]>
AuthorDate: Sun Feb 22 13:05:58 2026 +0800
ci: declare explicit permissions in maintenance workflows (#38159)
Co-authored-by: rohan436 <[email protected]>
---
.github/workflows/no-hold-label.yml | 3 +++
.github/workflows/pre-commit.yml | 3 +++
.github/workflows/tech-debt.yml | 3 +++
3 files changed, 9 insertions(+)
diff --git a/.github/workflows/no-hold-label.yml
b/.github/workflows/no-hold-label.yml
index 08df98eb4c9..021858103dc 100644
--- a/.github/workflows/no-hold-label.yml
+++ b/.github/workflows/no-hold-label.yml
@@ -4,6 +4,9 @@ on:
pull_request:
types: [labeled, unlabeled, opened, reopened, synchronize]
+permissions:
+ pull-requests: read
+
# cancel previous workflow jobs for PRs
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number ||
github.run_id }}
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index f1aa42b686f..06eb98116bb 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -8,6 +8,9 @@ on:
pull_request:
types: [synchronize, opened, reopened, ready_for_review]
+permissions:
+ contents: read
+
# cancel previous workflow jobs for PRs
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number ||
github.run_id }}
diff --git a/.github/workflows/tech-debt.yml b/.github/workflows/tech-debt.yml
index aaa2ae4f6a6..b83aceb1842 100644
--- a/.github/workflows/tech-debt.yml
+++ b/.github/workflows/tech-debt.yml
@@ -6,6 +6,9 @@ on:
- master
- "[0-9].[0-9]*"
+permissions:
+ contents: read
+
jobs:
config:
runs-on: ubuntu-24.04
