amannn · amannn · May 16, 2023 · Oct 26, 2022 · Oct 26, 2022 · Oct 26, 2022
diff --git a/.github/workflows/lint-pr-title-preview-ignoreLabels.yml b/.github/workflows/lint-pr-title-preview-ignoreLabels.yml
@@ -8,12 +8,15 @@ on:
       - labeled
       - unlabeled
 
+permissions:
+  pull-requests: read
+
 jobs:
   main:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
         with:
           node-version: 16
       - run: yarn install

diff --git a/.github/workflows/lint-pr-title-preview-outputErrorMessage.yml b/.github/workflows/lint-pr-title-preview-outputErrorMessage.yml
@@ -6,12 +6,15 @@ on:
       - edited
       - synchronize
 
+permissions:
+  pull-requests: read
+
 jobs:
   main:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
         with:
           node-version: 16
       - run: yarn install

diff --git a/.github/workflows/lint-pr-title-preview-validateSingleCommit.yml b/.github/workflows/lint-pr-title-preview-validateSingleCommit.yml
@@ -6,12 +6,15 @@ on:
       - edited
       - synchronize
 
+permissions:
+  pull-requests: read
+
 jobs:
   main:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
         with:
           node-version: 16
       - run: yarn install

diff --git a/.github/workflows/lint-pr-title-preview.yml b/.github/workflows/lint-pr-title-preview.yml
@@ -6,12 +6,15 @@ on:
       - edited
       - synchronize
 
+permissions:
+  pull-requests: read
+
 jobs:
   main:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
         with:
           node-version: 16
       - run: yarn install

diff --git a/.github/workflows/lint-pr-title.yml b/.github/workflows/lint-pr-title.yml
@@ -6,12 +6,15 @@ on:
       - edited
       - synchronize
 
+permissions:
+  pull-requests: read
+
 jobs:
   main:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
         with:
           node-version: 16
       - uses: ./

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -4,12 +4,18 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+  deployments: write
+  issues: write
+  pull-requests: write
+
 jobs:
   main:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
-      - uses: actions/setup-node@v2
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
         with:
           node-version: 16
       - run: yarn install

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -6,12 +6,15 @@ on:
       - reopened
       - synchronize
 
+permissions:
+  contents: read
+
 jobs:
   main:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
         with:
           node-version: 16
       - run: yarn install
@@ -20,7 +23,7 @@ jobs:
   dist:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with: 
           fetch-depth: 0
       - name: Check if `dist/` has been modified.

diff --git a/.github/workflows/versioning.yml b/.github/workflows/versioning.yml
@@ -4,6 +4,9 @@ on:
   release:
     types: [published, edited]
 
+permissions:
+  deployments: write
+
 jobs:
   actions-tagger:
     runs-on: ubuntu-latest

diff --git a/README.md b/README.md
@@ -30,6 +30,9 @@ on:
       - edited
       - synchronize
 
+permissions:
+  pull-requests: read
+
 jobs:
   main:
     name: Validate PR title
@@ -111,6 +114,21 @@ feat(ui): Add `Button` component
           wip: true
 ```
 
+### Required Permissions for [WIP] feature
+
+If you want to use the `[WIP]` feature, you need to grant the
+`pull-requests: write` permission to the GitHub Action. This is because the
+action will update the status of the PR.
+
+```yml
+name: "Lint PR"
+
+# ...
+
+permissions:
+  pull-requests: write
+```
+
 ## Event triggers
 
 There are two events that can be used as triggers for this action, each with different characteristics:
@@ -137,6 +155,9 @@ on:
       - edited
       - synchronize
 
+permissions:
+  pull-requests: read
+
 jobs:
   main:
     name: Validate PR title