From aa5350a6feec3639557431b1549b9744b2b196cd Mon Sep 17 00:00:00 2001 From: Nanashi <53353250+NanashiTheNameless@users.noreply.github.com> Date: Tue, 18 Nov 2025 09:22:47 -0600 Subject: [PATCH] fix GITHUB_TOKEN permissions in workflows (#11392) This pull request updates GitHub Actions workflow files to explicitly set permissions for certain actions. (fixing the permissions issues) **Workflow permissions updates:** * Added explicit `issues: write` permission to the `assign.yml` workflow to ensure it can modify issues as needed. * Set `contents: write`, `actions: write`, and `checks: write` permissions in the `build_all.yml` workflow to allow the workflow to interact with repository contents, manage actions, and update checks. --- .github/workflows/assign.yml | 3 +++ .github/workflows/build_all.yml | 6 +++++- .github/workflows/build_check_cache.yml | 5 ++++- .github/workflows/build_deps.yml | 3 +++ 4 files changed, 15 insertions(+), 2 deletions(-) diff --git a/.github/workflows/assign.yml b/.github/workflows/assign.yml index 103f2b2359..b94b874cc2 100644 --- a/.github/workflows/assign.yml +++ b/.github/workflows/assign.yml @@ -7,6 +7,9 @@ on: types: [created] workflow_dispatch: +permissions: + issues: write + jobs: assign: permissions: diff --git a/.github/workflows/build_all.yml b/.github/workflows/build_all.yml index 5c8e93d819..5ff7201f84 100644 --- a/.github/workflows/build_all.yml +++ b/.github/workflows/build_all.yml @@ -46,7 +46,10 @@ on: concurrency: group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true - + +permissions: + contents: write + checks: write jobs: build_linux: @@ -183,3 +186,4 @@ jobs: asset_name: OrcaSlicer-Linux-flatpak_nightly_${{ matrix.variant.arch }}.flatpak asset_content_type: application/octet-stream max_releases: 1 # optional, if there are more releases than this matching the asset_name, the oldest ones are going to be deleted + 
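Review bot: The workflow-level `permissions:` block added to `.github/workflows/assign.yml` probably does not change the token the `assign` job receives, because the trailing context shows that job already declares its own `permissions:`, and a job-level block replaces the workflow-level one for that job. The body of the job-level block is outside this hunk, so confirm that `issues: write` is listed there, since that is where the grant takes effect. If a top-level key is kept as a default for jobs added later, `permissions: {}` with each job opting in is the least-privilege form. That matters here because the `types: [created]` context suggests the workflow is started by events that ordinary users can raise (the event name itself is outside the hunk).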
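Review bot: The `permissions:` block added after `concurrency:` in `.github/workflows/build_all.yml` gives `contents: write` and `checks: write` to every job without its own block, build jobs included, while the only visible use of write access is the release-asset upload at the end of the file. The concurrency group references `github.event.pull_request.number`, so pull-request runs appear to be in scope, and build steps running branch code would then hold a write-capable token. Prefer `contents: read` at workflow level and move the two write scopes onto the jobs that publish assets or report checks. The commit message also says `actions: write` is set in this file, but the hunk adds only `contents` and `checks`, so either the message or the block needs correcting.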
diff --git a/.github/workflows/build_check_cache.yml b/.github/workflows/build_check_cache.yml index a97962aa7e..1725d1ec95 100644 --- a/.github/workflows/build_check_cache.yml +++ b/.github/workflows/build_check_cache.yml @@ -15,7 +15,10 @@ on: force-build: required: false type: boolean - + +permissions: + actions: write + jobs: check_cache: # determines if there is a cache and outputs variables used in caching process name: Check Cache diff --git a/.github/workflows/build_deps.yml b/.github/workflows/build_deps.yml index 0267d22302..c5ef26f3ef 100644 --- a/.github/workflows/build_deps.yml +++ b/.github/workflows/build_deps.yml @@ -23,6 +23,9 @@ on: required: false type: boolean +permissions: + actions: write + jobs: build_deps: name: Build Deps
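Review bot: `actions: write` at workflow level in `.github/workflows/build_check_cache.yml`, and again in the `build_deps.yml` hunk that follows, is broader than a cache lookup or dependency build normally needs. Saving and restoring caches through the cache action does not depend on this GITHUB_TOKEN scope, whereas `actions: write` also permits cancelling runs and deleting caches and artifacts through the API. Unless a step outside these hunks makes such an API call, `actions: read` or a job-level grant on the one job that needs it would be tighter, and a short comment such as `# required for: <operation>` beside the scope would record why it is there. Both files seem to declare reusable-workflow style inputs (`force-build`, `type: boolean`); if they are called from `build_all.yml`, a called workflow cannot receive more than its caller's token, so the caller would have to grant `actions: write` too, which its hunk does not.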