rossjrw · chvmvd · Apr 9, 2023 · Apr 9, 2023
diff --git a/.github/workflows/deploy-example.yml b/.github/workflows/deploy-example.yml
@@ -3,6 +3,8 @@ on:
   push:
     branches:
       - main
+permissions:
+  contents: write
 jobs:
   build:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/preview-example.yml b/.github/workflows/preview-example.yml
@@ -6,6 +6,9 @@ on:
       - reopened
       - synchronize
       - closed
+permissions:
+  contents: write
+  pull-requests: write
 concurrency: preview-${{ github.ref }}
 jobs:
   deploy-preview:

diff --git a/README.md b/README.md
@@ -68,6 +68,10 @@ on:
       - synchronize
       - closed
 
+permissions:
+  contents: write
+  pull-requests: write
+
 concurrency: preview-${{ github.ref }}
 
 jobs:
@@ -105,13 +109,6 @@ for the `pull_request` event. It only comes with `opened`, `reopened`, and
 the preview should be removed during the `closed` event, which it only sees
 if you explicitly add it to the workflow.
 
-#### Grant Actions permission to read and write to the repository
-
-This must be changed in the repository settings by selecting "Read and
-write permissions" at **Settings** > **Actions** > **General** >
-**Workflow permissions**. Otherwise, the Action won't be able to make any
-changes to your deployment branch.
-
 #### Set a concurrency group
 
 I highly recommend [setting a concurrency
@@ -262,6 +259,9 @@ on:
       - reopened
       - synchronize
       - closed
+permissions:
+  contents: write
+  pull-requests: write
 jobs:
   deploy-preview:
     runs-on: ubuntu-latest
@@ -285,6 +285,8 @@ on:
   push:
     branches:
       - main
+permissions:
+  contents: write
 jobs:
   deploy-preview:
     runs-on: ubuntu-latest
@@ -354,6 +356,9 @@ on:
     types:
       - opened
       - synchronize
+permissions:
+  contents: write
+  pull-requests: write
 jobs:
   deploy-preview:
     runs-on: ubuntu-20.04