From f708347ed313178fbf072790a696df8b2fed05c7 Mon Sep 17 00:00:00 2001
From: Chen Asraf <casraf@pm.me>
Date: Fri, 23 Jan 2026 00:55:02 +0200
Subject: [PATCH] fix: nextcloud workflows permissions

---
 .github/workflows/nextcloud-block-unconventional-commits.yml | 1 +
 .github/workflows/nextcloud-build-npm.yml                    | 4 +---
 .github/workflows/nextcloud-lint-appinfo-xml.yml             | 4 +---
 .github/workflows/nextcloud-lint-eslint.yml                  | 4 +---
 .github/workflows/nextcloud-lint-openapi.yml                 | 4 +---
 .github/workflows/nextcloud-lint-php-cs.yml                  | 4 +---
 .github/workflows/nextcloud-lint-php.yml                     | 4 +---
 .github/workflows/nextcloud-phpunit-incremental.yml          | 4 +---
 .github/workflows/nextcloud-phpunit-mysql.yml                | 4 +---
 .github/workflows/nextcloud-phpunit-pgsql.yml                | 4 +---
 .github/workflows/nextcloud-psalm.yml                        | 4 +---
 .github/workflows/nextcloud-vitest.yml                       | 4 +---
 12 files changed, 12 insertions(+), 33 deletions(-)

diff --git a/.github/workflows/nextcloud-block-unconventional-commits.yml b/.github/workflows/nextcloud-block-unconventional-commits.yml
index 1348677..77077c3 100644
--- a/.github/workflows/nextcloud-block-unconventional-commits.yml
+++ b/.github/workflows/nextcloud-block-unconventional-commits.yml
@@ -15,6 +15,7 @@ on:
         default: ''
 
 permissions:
+  pull-requests: read
   contents: read
 
 jobs:
diff --git a/.github/workflows/nextcloud-build-npm.yml b/.github/workflows/nextcloud-build-npm.yml
index 4568e8f..7de542c 100644
--- a/.github/workflows/nextcloud-build-npm.yml
+++ b/.github/workflows/nextcloud-build-npm.yml
@@ -27,14 +27,12 @@ on:
           - 'pnpm-lock.yaml'
 
 permissions:
+  pull-requests: read
   contents: read
 
 jobs:
   changes:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: read
 
     outputs:
       src: ${{ steps.changes.outputs.src }}
diff --git a/.github/workflows/nextcloud-lint-appinfo-xml.yml b/.github/workflows/nextcloud-lint-appinfo-xml.yml
index 48be1c9..fd9858d 100644
--- a/.github/workflows/nextcloud-lint-appinfo-xml.yml
+++ b/.github/workflows/nextcloud-lint-appinfo-xml.yml
@@ -26,14 +26,12 @@ on:
           - 'appinfo/info.xml'
 
 permissions:
+  pull-requests: read
   contents: read
 
 jobs:
   changes:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: read
 
     outputs:
       src: ${{ steps.changes.outputs.src }}
diff --git a/.github/workflows/nextcloud-lint-eslint.yml b/.github/workflows/nextcloud-lint-eslint.yml
index 75fe7af..f628d5c 100644
--- a/.github/workflows/nextcloud-lint-eslint.yml
+++ b/.github/workflows/nextcloud-lint-eslint.yml
@@ -27,14 +27,12 @@ on:
           - 'pnpm-lock.yaml'
 
 permissions:
+  pull-requests: read
   contents: read
 
 jobs:
   changes:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: read
 
     outputs:
       src: ${{ steps.changes.outputs.src }}
diff --git a/.github/workflows/nextcloud-lint-openapi.yml b/.github/workflows/nextcloud-lint-openapi.yml
index 35190b2..f497fa1 100644
--- a/.github/workflows/nextcloud-lint-openapi.yml
+++ b/.github/workflows/nextcloud-lint-openapi.yml
@@ -27,14 +27,12 @@ on:
           - 'openapi.json'
 
 permissions:
+  pull-requests: read
   contents: read
 
 jobs:
   changes:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: read
 
     outputs:
       src: ${{ steps.changes.outputs.src }}
diff --git a/.github/workflows/nextcloud-lint-php-cs.yml b/.github/workflows/nextcloud-lint-php-cs.yml
index 4aa3848..c85ac01 100644
--- a/.github/workflows/nextcloud-lint-php-cs.yml
+++ b/.github/workflows/nextcloud-lint-php-cs.yml
@@ -27,14 +27,12 @@ on:
           - '.php-cs-fixer.dist.php'
 
 permissions:
+  pull-requests: read
   contents: read
 
 jobs:
   changes:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: read
 
     outputs:
       src: ${{ steps.changes.outputs.src }}
diff --git a/.github/workflows/nextcloud-lint-php.yml b/.github/workflows/nextcloud-lint-php.yml
index 604fcc5..0e97fb5 100644
--- a/.github/workflows/nextcloud-lint-php.yml
+++ b/.github/workflows/nextcloud-lint-php.yml
@@ -26,14 +26,12 @@ on:
           - '**.php'
 
 permissions:
+  pull-requests: read
   contents: read
 
 jobs:
   changes:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: read
 
     outputs:
       src: ${{ steps.changes.outputs.src }}
diff --git a/.github/workflows/nextcloud-phpunit-incremental.yml b/.github/workflows/nextcloud-phpunit-incremental.yml
index 6187ab1..f50d6be 100644
--- a/.github/workflows/nextcloud-phpunit-incremental.yml
+++ b/.github/workflows/nextcloud-phpunit-incremental.yml
@@ -47,14 +47,12 @@ on:
           - 'composer.lock'
 
 permissions:
+  pull-requests: read
   contents: read
 
 jobs:
   changes:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: read
 
     outputs:
       src: ${{ steps.changes.outputs.src }}
diff --git a/.github/workflows/nextcloud-phpunit-mysql.yml b/.github/workflows/nextcloud-phpunit-mysql.yml
index 280f830..a39a6d8 100644
--- a/.github/workflows/nextcloud-phpunit-mysql.yml
+++ b/.github/workflows/nextcloud-phpunit-mysql.yml
@@ -45,6 +45,7 @@ on:
           - 'composer.lock'
 
 permissions:
+  pull-requests: read
   contents: read
 
 jobs:
@@ -78,9 +79,6 @@ jobs:
 
   changes:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: read
 
     outputs:
       src: ${{ steps.changes.outputs.src}}
diff --git a/.github/workflows/nextcloud-phpunit-pgsql.yml b/.github/workflows/nextcloud-phpunit-pgsql.yml
index 3f79579..c157bf9 100644
--- a/.github/workflows/nextcloud-phpunit-pgsql.yml
+++ b/.github/workflows/nextcloud-phpunit-pgsql.yml
@@ -35,6 +35,7 @@ on:
           - 'composer.lock'
 
 permissions:
+  pull-requests: read
   contents: read
 
 jobs:
@@ -66,9 +67,6 @@ jobs:
 
   changes:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: read
 
     outputs:
       src: ${{ steps.changes.outputs.src }}
diff --git a/.github/workflows/nextcloud-psalm.yml b/.github/workflows/nextcloud-psalm.yml
index 9ac4c94..24e6d1d 100644
--- a/.github/workflows/nextcloud-psalm.yml
+++ b/.github/workflows/nextcloud-psalm.yml
@@ -27,14 +27,12 @@ on:
           - 'psalm.xml'
 
 permissions:
+  pull-requests: read
   contents: read
 
 jobs:
   changes:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: read
 
     outputs:
       src: ${{ steps.changes.outputs.src }}
diff --git a/.github/workflows/nextcloud-vitest.yml b/.github/workflows/nextcloud-vitest.yml
index ad5c825..b83b367 100644
--- a/.github/workflows/nextcloud-vitest.yml
+++ b/.github/workflows/nextcloud-vitest.yml
@@ -33,14 +33,12 @@ on:
           - 'pnpm-lock.yaml'
 
 permissions:
+  pull-requests: read
   contents: read
 
 jobs:
   changes:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: read
 
     outputs:
       src: ${{ steps.changes.outputs.src }}