The currently recommended best practice for Github action workflows is to set top-level permissions to read only. And if the job uses the automatic `GITHUB_TOKEN`, fine-grained permissions for each job based on the job's requirements should also be added.
All existing workflows in the repository now have top-level read only permission blocks.
Only the `scorecard` workflow currently requires additional job level permissions and the minimum set of permissions were already present for the job.
PR Close#45177
Enable a GitHub action that implements our new feature request
[process](ce8e011a9f/docs/GITHUB_PROCESS.md (feature-request-process)).
As a prerequisite, we need to create the following labels:
- `in backlog`
- `votes required`
- `under consideration`
- `insufficient votes`
The bot will also use the existing `feature` label to identify feature
requests.
With its current configuration, we need to kick the process off
manually. We currently also have a limit, meaning the bot will process
only 50 feature requests before it exits. Additionally, now the bot will
not close issues, it'll just comment on them and if they have an
insufficient number of votes, the bot will label them with `insufficient
votes`.
On the next iteration, we can:
- Expand the limit from 50 to infinity (removing the option from the
yml file)
- Set a cron configuration to kick off the bot automatically
- Enable autoclose by setting the `close-when-no-sufficient-votes` to
`true`
PR Close#41975
