From 9bf8921525e1dee369f3a15fcb00c60c23f884c3 Mon Sep 17 00:00:00 2001 From: Bill Wagner Date: Fri, 26 Jul 2024 11:44:59 -0400 Subject: [PATCH] fixing perms --- .github/workflows/check-for-build-warnings.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/do-not-merge-label-check.yml | 2 +- .github/workflows/docs-verifier.yml | 2 +- .github/workflows/live-protection.yml | 2 +- .github/workflows/markdownlint.yml | 2 +- .github/workflows/rebase-needed.yml | 2 +- .github/workflows/snippets5000.yml | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/check-for-build-warnings.yml b/.github/workflows/check-for-build-warnings.yml index 189ce016819ec..2c7d95a4380ec 100644 --- a/.github/workflows/check-for-build-warnings.yml +++ b/.github/workflows/check-for-build-warnings.yml @@ -1,7 +1,7 @@ name: 'OPS status checker' on: - pull_request_target: + pull_request: types: [opened, synchronize, reopened] permissions: diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index ef38e8bea9441..f072eabac8d4e 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -7,7 +7,7 @@ # # Source repository: https://github.com/actions/dependency-review-action name: 'Dependency Review' -on: [pull_request_target] +on: [pull_request] permissions: contents: read diff --git a/.github/workflows/do-not-merge-label-check.yml b/.github/workflows/do-not-merge-label-check.yml index f824903b92247..36d65e34ed1f8 100644 --- a/.github/workflows/do-not-merge-label-check.yml +++ b/.github/workflows/do-not-merge-label-check.yml @@ -5,7 +5,7 @@ name: "Check labels that prevent merge" on: - pull_request_target: + pull_request: branches: [main] types: [labeled, unlabeled] diff --git a/.github/workflows/docs-verifier.yml b/.github/workflows/docs-verifier.yml index e2634c0a3237b..237dfe465a7b5 100644 --- a/.github/workflows/docs-verifier.yml +++ b/.github/workflows/docs-verifier.yml @@ -1,5 +1,5 @@ name: MSDocs build verifier -on: pull_request_target +on: pull_request permissions: contents: read diff --git a/.github/workflows/live-protection.yml b/.github/workflows/live-protection.yml index 1a08cf7c93812..026123e142acb 100644 --- a/.github/workflows/live-protection.yml +++ b/.github/workflows/live-protection.yml @@ -1,4 +1,4 @@ -on: [pull_request_target] +on: [pull_request] permissions: contents: read diff --git a/.github/workflows/markdownlint.yml b/.github/workflows/markdownlint.yml index 779ea388360af..f5fc80a12dc6b 100644 --- a/.github/workflows/markdownlint.yml +++ b/.github/workflows/markdownlint.yml @@ -9,7 +9,7 @@ on: - ".markdownlint-cli2.jsonc" - ".github/workflows/markdownlint.yml" - ".github/workflows/markdownlint-problem-matcher.json" - pull_request_target: + pull_request: paths: - "**/*.md" - ".markdownlint-cli2.jsonc" diff --git a/.github/workflows/rebase-needed.yml b/.github/workflows/rebase-needed.yml index 052e4789d98f3..6fb693c97ed0c 100644 --- a/.github/workflows/rebase-needed.yml +++ b/.github/workflows/rebase-needed.yml @@ -2,7 +2,7 @@ name: "rebase required" on: push: - pull_request_target: + pull_request: types: [synchronize] permissions: diff --git a/.github/workflows/snippets5000.yml b/.github/workflows/snippets5000.yml index 7c1212a6f6d98..9a0aa3c28a3f0 100644 --- a/.github/workflows/snippets5000.yml +++ b/.github/workflows/snippets5000.yml @@ -3,7 +3,7 @@ name: 'Snippets 5000' # Controls when the action will run. Triggers the workflow on push or pull request # events on the main branch only. on: - pull_request_target: + pull_request: branches: [ main ] types: [opened, synchronize, reopened] workflow_dispatch: