From 162920a2914deda279be710db5506839979d4a38 Mon Sep 17 00:00:00 2001 From: Thiha <30023628+thihathit@users.noreply.github.com> Date: Sun, 24 May 2026 14:47:19 +0700 Subject: [PATCH 1/2] ci; set workflow permission Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7f756a7..d913521 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,6 +2,9 @@ name: CI on: pull_request +permissions: + contents: read + concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true From 78fe97f63b2db9986fbfe23a5f28741dec9fb75d Mon Sep 17 00:00:00 2001 From: Thiha <30023628+thihathit@users.noreply.github.com> Date: Sun, 24 May 2026 14:49:19 +0700 Subject: [PATCH 2/2] ci; set workflow permission Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/stable-release.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/stable-release.yml b/.github/workflows/stable-release.yml index d1b9630..5db23a1 100644 --- a/.github/workflows/stable-release.yml +++ b/.github/workflows/stable-release.yml @@ -8,6 +8,10 @@ on: jobs: release: runs-on: ubuntu-latest + permissions: + contents: write + issues: write + pull-requests: write outputs: has-new-release: ${{ steps.release.outputs.new_release_published }} tag-name: ${{ steps.release.outputs.new_release_git_tag }} @@ -28,6 +32,8 @@ jobs: publish: runs-on: ubuntu-latest + permissions: + contents: read needs: release if: needs.release.outputs.has-new-release == 'true' steps: