From e6f35396104a4804a2fb6cd75e9d2e161bdf6faa Mon Sep 17 00:00:00 2001 From: Nick Clegg Date: Mon, 2 Jun 2025 17:24:52 -0400 Subject: [PATCH 1/2] Update pr-and-push.yml --- .github/workflows/pr-and-push.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pr-and-push.yml b/.github/workflows/pr-and-push.yml index 38e88691..2b2d026f 100644 --- a/.github/workflows/pr-and-push.yml +++ b/.github/workflows/pr-and-push.yml @@ -13,5 +13,7 @@ concurrency: jobs: call-test-lint: uses: ./.github/workflows/test-lint.yml + permissions: + contents: read with: - ref: ${{ github.event.pull_request.head.sha }} \ No newline at end of file + ref: ${{ github.event.pull_request.head.sha }} From 1b28f1ddc51c6249f919bfd13e14b023459afa93 Mon Sep 17 00:00:00 2001 From: Nick Clegg Date: Mon, 2 Jun 2025 17:25:10 -0400 Subject: [PATCH 2/2] Update pypi-publish-on-release.yml --- .github/workflows/pypi-publish-on-release.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pypi-publish-on-release.yml b/.github/workflows/pypi-publish-on-release.yml index 4047f596..d7038e82 100644 --- a/.github/workflows/pypi-publish-on-release.yml +++ b/.github/workflows/pypi-publish-on-release.yml @@ -13,6 +13,8 @@ jobs: build: name: Build distribution 📦 + permissions: + contents: read needs: - call-test-lint runs-on: ubuntu-latest @@ -55,6 +57,8 @@ jobs: deploy: name: Upload release to PyPI + permissions: + contents: read needs: - build runs-on: ubuntu-latest @@ -75,4 +79,4 @@ jobs: name: python-package-distributions path: dist/ - name: Publish distribution 📦 to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 \ No newline at end of file + uses: pypa/gh-action-pypi-publish@release/v1