numpy
diff --git a/‎.github/workflows/build_test.yml
Lines changed: 3 additions & 0 deletions b/‎.github/workflows/build_test.yml
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/workflows/circleci.yml
Lines changed: 4 additions & 0 deletions b/‎.github/workflows/circleci.yml
Lines changed: 4 additions & 0 deletions
diff --git a/‎.github/workflows/cygwin.yml
Lines changed: 3 additions & 0 deletions b/‎.github/workflows/cygwin.yml
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/workflows/docker.yml
Lines changed: 3 additions & 0 deletions b/‎.github/workflows/docker.yml
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/workflows/gitpod.yml
Lines changed: 3 additions & 0 deletions b/‎.github/workflows/gitpod.yml
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/workflows/labeler.yml
Lines changed: 3 additions & 0 deletions b/‎.github/workflows/labeler.yml
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/workflows/wheels.yml
Lines changed: 3 additions & 0 deletions b/‎.github/workflows/wheels.yml
Lines changed: 3 additions & 0 deletions
@@ -22,6 +22,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
+permissions:
+
contents: read # to fetch code (actions/checkout)  contents: read # to fetch code (actions/checkout)
+
 jobs:
   lint:
     if: "github.repository == 'numpy/numpy' && github.ref != 'refs/heads/main' && !contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]') && !contains(github.event.head_commit.message, '[skip github]')"
 
@@ -1,6 +1,10 @@
 # To enable this workflow on a fork, comment out:
 #
 # if: github.repository == 'numpy/numpy'
+
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 on: [status]
 jobs:
   circleci_artifacts_redirector_job:
 
@@ -14,6 +14,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   cygwin_build_test:
     runs-on: windows-latest
 
@@ -7,6 +7,9 @@ on:
     paths:
       - 'environment.yml'
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs: 
   build:
     name: Build base Docker image 
 
@@ -5,6 +5,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   build:
     name: Build Gitpod Docker image
 
@@ -3,6 +3,9 @@ on:
   pull_request_target:
     types: [opened, synchronize, reopened, edited]
 
+permissions:
+  contents: write # to add labels
+
 jobs:
   pr-labeler:
     runs-on: ubuntu-latest
 
@@ -31,6 +31,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   get_commit_message:
     name: Get commit message