Potential fix for code scanning alert no. 6: Workflow does not contain permissions (#2076)

D-K-P · github-advanced-security[bot] · web-flow · commit 325ef04c7f8a · 2025-05-19T21:15:42.000+01:00
Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -18,6 +18,10 @@ jobs:
   release:
     name: 🦋 Changesets Release
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: write
+      pull-requests: write
     if: github.repository == 'triggerdotdev/trigger.dev'
     outputs:
       published: ${{ steps.changesets.outputs.published }}
@@ -93,6 +97,8 @@ jobs:
   publish:
     needs: release
     uses: ./.github/workflows/publish.yml
+    permissions:
+      contents: read
     secrets: inherit
     # if: needs.release.outputs.published == 'true'
     # disable automatic publishing for now
