From 6c111aaf05315e9553a742f93b78432350588f02 Mon Sep 17 00:00:00 2001
From: Michael Graeb <graebm@amazon.com>
Date: Thu, 2 Jun 2022 16:51:00 -0700
Subject: [PATCH] Give explicit permissions to Github actions (#286)

because actions in this repo no longer have write permission by default.
---
 .github/workflows/closed-issue-message.yml | 2 ++
 .github/workflows/docs.yml                 | 2 ++
 .github/workflows/stale_issue.yml          | 3 +++
 3 files changed, 7 insertions(+)

diff --git a/.github/workflows/closed-issue-message.yml b/.github/workflows/closed-issue-message.yml
index 3340afb1f..22bf2a7bd 100644
--- a/.github/workflows/closed-issue-message.yml
+++ b/.github/workflows/closed-issue-message.yml
@@ -5,6 +5,8 @@ on:
 jobs:
     auto_comment:
         runs-on: ubuntu-latest
+        permissions:
+          issues: write
         steps:
         - uses: aws-actions/closed-issue-message@v1
           with:
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 25e928e02..03c86d9f5 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -10,6 +10,8 @@ on:
 jobs:
   update-docs-branch:
     runs-on: ubuntu-20.04 # latest
+    permissions:
+      contents: write # allow push
     steps:
       - name: Checkout
         uses: actions/checkout@v3
diff --git a/.github/workflows/stale_issue.yml b/.github/workflows/stale_issue.yml
index 93920fa51..05f6ba701 100644
--- a/.github/workflows/stale_issue.yml
+++ b/.github/workflows/stale_issue.yml
@@ -9,6 +9,9 @@ jobs:
   cleanup:
     runs-on: ubuntu-latest
     name: Stale issue job
+    permissions:
+      issues: write
+      pull-requests: write
     steps:
     - uses: aws-actions/stale-issue-cleanup@v3
       with: