GitHub Workflows security hardening (#26640)

Signed-off-by: sashashura <93376818+sashashura@users.noreply.github.com> Signed-off-by: sashashura <93376818+sashashura@users.noreply.github.com>
2024-12-26 09:31:08 +08:00 · 2022-09-01 22:36:51 +02:00 · 2022-09-01 22:36:51 +02:00 · 4dacd997a5
commit 4dacd997a5
parent 45ea75f385
1 changed files with 5 additions and 0 deletions
--- a/.github/workflows/trustedPR.yml
+++ b/.github/workflows/trustedPR.yml
@ -8,8 +8,13 @@ on:
    types:
      - completed

+permissions:
+  contents: read
+
 jobs:
  comment:
+    permissions:
+      pull-requests: write
    runs-on: ubuntu-latest
    if: >
      ${{ github.event.workflow_run.event == 'pull_request' &&