From ff13fa8f0a9ea589830ad2868011f510e652fb16 Mon Sep 17 00:00:00 2001
From: Varun Sharma <varunsh@stepsecurity.io>
Date: Sat, 21 May 2022 17:35:26 -0700
Subject: [PATCH] ci: Add GitHub token permissions for workflows (#34298)

ci: add GitHub token permissions
---
 .github/workflows/semantic.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/semantic.yml b/.github/workflows/semantic.yml
index 11d62c9d62855..6158b510bb03b 100644
--- a/.github/workflows/semantic.yml
+++ b/.github/workflows/semantic.yml
@@ -7,8 +7,14 @@ on:
       - edited
       - synchronize
 
+permissions:
+  contents: read
+
 jobs:
   main:
+    permissions:
+      pull-requests: read  # for amannn/action-semantic-pull-request to analyze PRs
+      statuses: write  # for amannn/action-semantic-pull-request to mark status of analyzed PR
     name: Validate PR Title
     runs-on: ubuntu-latest
     steps: