From 309bc74baf7b3a0b38049d8af0ef601ad44cdad4 Mon Sep 17 00:00:00 2001
From: shenxianpeng <xianpeng.shen@gmail.com>
Date: Fri, 13 Jun 2025 11:02:48 +0300
Subject: [PATCH 1/5] Potential fix Workflow does not contain permissions
 (#234)

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/main.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index e470c14..3163c6c 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,5 +1,8 @@
 name: main
 
+permissions:
+  contents: write
+
 on:
   push:
     branches:

From 53ea82057400fea2b90b53b9614ef305cedead57 Mon Sep 17 00:00:00 2001
From: shenxianpeng <xianpeng.shen@gmail.com>
Date: Fri, 13 Jun 2025 11:05:37 +0300
Subject: [PATCH 2/5] fix: potential fix workflow does not contain permissions
 (#235)

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/release-drafter.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
index d25c13e..0b36c74 100644
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -6,6 +6,10 @@ on:
       - "main"
   workflow_dispatch:
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   draft-release:
     uses: commit-check/.github/.github/workflows/release-drafter.yml@main

From 634075918a736be7440fa612d018ad5360283459 Mon Sep 17 00:00:00 2001
From: shenxianpeng <xianpeng.shen@gmail.com>
Date: Fri, 13 Jun 2025 11:21:17 +0300
Subject: [PATCH 3/5] fix: potential fix workflow does not contain permissions
 (#236)

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/publish-image.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/publish-image.yml b/.github/workflows/publish-image.yml
index 39dd16e..9c148f6 100644
--- a/.github/workflows/publish-image.yml
+++ b/.github/workflows/publish-image.yml
@@ -1,5 +1,8 @@
 name: publish image
 
+permissions:
+  contents: read
+
 on:
   push:
     paths:

From 6cdeb1405270b21f3e7df33b730a5decf871bdbc Mon Sep 17 00:00:00 2001
From: shenxianpeng <xianpeng.shen@gmail.com>
Date: Fri, 13 Jun 2025 11:31:31 +0300
Subject: [PATCH 4/5] fix: potential fix workflow does not contain permissions
 (#237)

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/labeler.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index 52689d6..659f080 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -1,5 +1,9 @@
 name: PR Autolabeler
 
+permissions:
+  contents: read
+  pull-requests: write
+
 on:
   # pull_request event is required for autolabeler
   pull_request:

From 485e745ec7b7a675680b93cd62d2138d3f10e4f4 Mon Sep 17 00:00:00 2001
From: shenxianpeng <xianpeng.shen@gmail.com>
Date: Fri, 13 Jun 2025 11:33:54 +0300
Subject: [PATCH 5/5] fix: Potential fix Workflow does not contain permissions
 #235

---
 .github/workflows/release-drafter.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
index 0b36c74..182ecec 100644
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -7,7 +7,7 @@ on:
   workflow_dispatch:
 
 permissions:
-  contents: read
+  contents: write
   pull-requests: write
 
 jobs: