diff --git a/.github/workflows/build_wheels.yml b/.github/workflows/build_wheels.yml index e728d741d90d..3f4ea5e42f9b 100644 --- a/.github/workflows/build_wheels.yml +++ b/.github/workflows/build_wheels.yml @@ -5,6 +5,9 @@ on: branches: [main, master, 'release*'] tags: ['*'] +permissions: + contents: write + jobs: build-wheels: if: github.repository == 'python/mypy' diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 5dc86a1159f4..9f3a6121ae16 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -14,6 +14,13 @@ on: - CREDITS - LICENSE +permissions: + contents: read + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + jobs: docs: runs-on: ubuntu-latest diff --git a/.github/workflows/mypy_primer.yml b/.github/workflows/mypy_primer.yml index e7e4af1f07b7..2958b8fc325b 100644 --- a/.github/workflows/mypy_primer.yml +++ b/.github/workflows/mypy_primer.yml @@ -15,6 +15,9 @@ on: - 'mypy/test/**' - 'test-data/**' +permissions: + contents: read + concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f594353ed05a..0e335a59d1d0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -15,6 +15,9 @@ on: - CREDITS - LICENSE +permissions: + contents: read + concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true diff --git a/.github/workflows/test_stubgenc.yml b/.github/workflows/test_stubgenc.yml index db9bf413faa3..33466b9870ff 100644 --- a/.github/workflows/test_stubgenc.yml +++ b/.github/workflows/test_stubgenc.yml @@ -12,6 +12,13 @@ on: - 'mypy/stubdoc.py' - 'test-data/stubgen/**' +permissions: + contents: read + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + jobs: stubgenc: # Check stub file generation for a small pybind11 project