ci: define permissions for contributing comment workflow

Explicitely stating required permissions is considered best practice. This case was detected by Poutine, see https://github.com/boostsecurityio/poutine/blob/main/docs/content/en/rules/default_permissions_on_risky_events.md. Signed-off-by: Florian Greinacher <florian.greinacher@siemens.com>
sbabic · May 3, 2024 · fe565c2 · fe565c2
1 parent cbceee1
commit fe565c2
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/.github/workflows/contributing.yml b/.github/workflows/contributing.yml
@@ -7,6 +7,10 @@ on:
     types:
       - opened
 
+permissions:
+  contents: read # for reading contributing file
+  issues: write # for posting PR comment
+
 jobs:
   comment:
     runs-on: ubuntu-latest