From b54303cd82006bb63398cc0f0f953ddd65716d75 Mon Sep 17 00:00:00 2001
From: John Blackbourn <johnbillion@git.wordpress.org>
Date: Wed, 3 May 2023 23:20:40 +0000
Subject: [PATCH] Build/Test Tools: Fix the permissions that are granted to the
 Slack notifications workflow.

Follow-up to [55715].

See #57865


git-svn-id: https://develop.svn.wordpress.org/trunk@55717 602fd350-edb4-49c9-b593-d223f7449a82
---
 .github/workflows/coding-standards.yml            | 3 +++
 .github/workflows/end-to-end-tests.yml            | 3 +++
 .github/workflows/javascript-tests.yml            | 3 +++
 .github/workflows/performance.yml                 | 3 +++
 .github/workflows/php-compatibility.yml           | 3 +++
 .github/workflows/phpunit-tests.yml               | 3 +++
 .github/workflows/test-and-zip-default-themes.yml | 3 +++
 .github/workflows/test-coverage.yml               | 3 +++
 .github/workflows/test-npm.yml                    | 3 +++
 .github/workflows/test-old-branches.yml           | 3 +++
 10 files changed, 30 insertions(+)

diff --git a/.github/workflows/coding-standards.yml b/.github/workflows/coding-standards.yml
index 44b9707d93..74035ec041 100644
--- a/.github/workflows/coding-standards.yml
+++ b/.github/workflows/coding-standards.yml
@@ -172,6 +172,9 @@ jobs:
   slack-notifications:
     name: Slack Notifications
     uses: WordPress/wordpress-develop/.github/workflows/slack-notifications.yml@trunk
+    permissions:
+      actions: read
+      contents: read
     needs: [ phpcs, jshint ]
     if: ${{ github.repository == 'WordPress/wordpress-develop' && github.event_name != 'pull_request' && always() }}
     with:
diff --git a/.github/workflows/end-to-end-tests.yml b/.github/workflows/end-to-end-tests.yml
index 8a5fafe193..f8c86f6791 100644
--- a/.github/workflows/end-to-end-tests.yml
+++ b/.github/workflows/end-to-end-tests.yml
@@ -116,6 +116,9 @@ jobs:
   slack-notifications:
     name: Slack Notifications
     uses: WordPress/wordpress-develop/.github/workflows/slack-notifications.yml@trunk
+    permissions:
+      actions: read
+      contents: read
     needs: [ e2e-tests ]
     if: ${{ github.repository == 'WordPress/wordpress-develop' && github.event_name != 'pull_request' && always() }}
     with:
diff --git a/.github/workflows/javascript-tests.yml b/.github/workflows/javascript-tests.yml
index bf0fdcc525..7bd256c0a0 100644
--- a/.github/workflows/javascript-tests.yml
+++ b/.github/workflows/javascript-tests.yml
@@ -89,6 +89,9 @@ jobs:
   slack-notifications:
     name: Slack Notifications
     uses: WordPress/wordpress-develop/.github/workflows/slack-notifications.yml@trunk
+    permissions:
+      actions: read
+      contents: read
     needs: [ test-js ]
     if: ${{ github.repository == 'WordPress/wordpress-develop' && github.event_name != 'pull_request' && always() }}
     with:
diff --git a/.github/workflows/performance.yml b/.github/workflows/performance.yml
index c7c3b58471..e9005742d2 100644
--- a/.github/workflows/performance.yml
+++ b/.github/workflows/performance.yml
@@ -197,6 +197,9 @@ jobs:
   slack-notifications:
     name: Slack Notifications
     uses: WordPress/wordpress-develop/.github/workflows/slack-notifications.yml@trunk
+    permissions:
+      actions: read
+      contents: read
     needs: [ performance ]
     if: ${{ github.repository == 'WordPress/wordpress-develop' && github.event_name != 'pull_request' && always() }}
     with:
diff --git a/.github/workflows/php-compatibility.yml b/.github/workflows/php-compatibility.yml
index fab3f9228d..b5f885e9bc 100644
--- a/.github/workflows/php-compatibility.yml
+++ b/.github/workflows/php-compatibility.yml
@@ -114,6 +114,9 @@ jobs:
   slack-notifications:
     name: Slack Notifications
     uses: WordPress/wordpress-develop/.github/workflows/slack-notifications.yml@trunk
+    permissions:
+      actions: read
+      contents: read
     needs: [ php-compatibility ]
     if: ${{ github.repository == 'WordPress/wordpress-develop' && github.event_name != 'pull_request' && always() }}
     with:
diff --git a/.github/workflows/phpunit-tests.yml b/.github/workflows/phpunit-tests.yml
index c3f00152ba..b2e7543341 100644
--- a/.github/workflows/phpunit-tests.yml
+++ b/.github/workflows/phpunit-tests.yml
@@ -226,6 +226,9 @@ jobs:
   slack-notifications:
     name: Slack Notifications
     uses: WordPress/wordpress-develop/.github/workflows/slack-notifications.yml@trunk
+    permissions:
+      actions: read
+      contents: read
     needs: [ test-php ]
     if: ${{ github.repository == 'WordPress/wordpress-develop' && github.event_name != 'pull_request' && always() }}
     with:
diff --git a/.github/workflows/test-and-zip-default-themes.yml b/.github/workflows/test-and-zip-default-themes.yml
index 9378e8757c..d1b4e4f022 100644
--- a/.github/workflows/test-and-zip-default-themes.yml
+++ b/.github/workflows/test-and-zip-default-themes.yml
@@ -147,6 +147,9 @@ jobs:
   slack-notifications:
     name: Slack Notifications
     uses: WordPress/wordpress-develop/.github/workflows/slack-notifications.yml@trunk
+    permissions:
+      actions: read
+      contents: read
     needs: [ bundle-theme, test-build-scripts ]
     if: ${{ github.repository == 'WordPress/wordpress-develop' && github.event_name != 'pull_request' && always() }}
     with:
diff --git a/.github/workflows/test-coverage.yml b/.github/workflows/test-coverage.yml
index a8f101565c..ea085feadd 100644
--- a/.github/workflows/test-coverage.yml
+++ b/.github/workflows/test-coverage.yml
@@ -175,6 +175,9 @@ jobs:
   slack-notifications:
     name: Slack Notifications
     uses: WordPress/wordpress-develop/.github/workflows/slack-notifications.yml@trunk
+    permissions:
+      actions: read
+      contents: read
     needs: [ test-coverage-report ]
     if: ${{ github.repository == 'WordPress/wordpress-develop' && github.event_name != 'pull_request' && always() }}
     with:
diff --git a/.github/workflows/test-npm.yml b/.github/workflows/test-npm.yml
index 2e0831a57b..4777169c09 100644
--- a/.github/workflows/test-npm.yml
+++ b/.github/workflows/test-npm.yml
@@ -174,6 +174,9 @@ jobs:
   slack-notifications:
     name: Slack Notifications
     uses: WordPress/wordpress-develop/.github/workflows/slack-notifications.yml@trunk
+    permissions:
+      actions: read
+      contents: read
     needs: [ test-npm, test-npm-macos ]
     if: ${{ github.repository == 'WordPress/wordpress-develop' && github.event_name != 'pull_request' && always() }}
     with:
diff --git a/.github/workflows/test-old-branches.yml b/.github/workflows/test-old-branches.yml
index 9e6fc72847..6b5a323d5a 100644
--- a/.github/workflows/test-old-branches.yml
+++ b/.github/workflows/test-old-branches.yml
@@ -94,6 +94,9 @@ jobs:
   slack-notifications:
     name: Slack Notifications
     uses: WordPress/wordpress-develop/.github/workflows/slack-notifications.yml@trunk
+    permissions:
+      actions: read
+      contents: read
     needs: [ dispatch-workflows-for-old-branches ]
     if: ${{ github.repository == 'WordPress/wordpress-develop' && github.event_name != 'pull_request' && always() }}
     with: