From d5ab502f42ddc494067fc17e79657a8e0bf65e2d Mon Sep 17 00:00:00 2001
From: Alex
Date: Sun, 30 Oct 2022 23:52:55 +0200
Subject: [PATCH] build: harden GnuComment.yml permissions

Signed-off-by: Alex
---
 .github/workflows/GnuComment.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/GnuComment.yml b/.github/workflows/GnuComment.yml
index d1e34807c..bb64232a9 100644
--- a/.github/workflows/GnuComment.yml
+++ b/.github/workflows/GnuComment.yml
@@ -6,8 +6,13 @@ on:
 types:
 - completed
+permissions: {}
 jobs:
 post-comment:
+ permissions:
+ actions: read # to list workflow runs artifacts
+ pull-requests: write # to comment on pr
+
 runs-on: ubuntu-latest
 if: >
 github.event.workflow_run.event == 'pull_request'
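Review bot: The `permissions:` block added to `post-comment` documents what each scope is for but not the trust boundary that makes the restriction matter. The job is gated on `github.event.workflow_run.event == 'pull_request'`, so it runs with the base repository's token while consuming output of a pull-request run. I would add a line above `pull-requests: write` such as `# workflow_run context: artifacts from the PR run are untrusted input; keep this the only write scope`. The job's steps are outside this hunk, so it is worth confirming separately that they treat the downloaded artifact strictly as data to post and never execute it or interpolate it into a script.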