From 3f733d58ceca7ceaba0c2d7c0addaf6d788b9c2e Mon Sep 17 00:00:00 2001
From: Michael Vorburger
Date: Thu, 2 Nov 2023 07:50:21 +0100
Subject: [PATCH] Revert "build: Remove redundant confusing Mega Linter permissions"

This reverts commit 4209614126f2a02326e8346d20ba68a83bb4ce21.
---
 .github/workflows/mega-linter.yaml | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/mega-linter.yaml b/.github/workflows/mega-linter.yaml
index db153fe..b995769 100644
--- a/.github/workflows/mega-linter.yaml
+++ b/.github/workflows/mega-linter.yaml
@@ -36,11 +36,8 @@ concurrency:
 group: ${{ github.ref }}-${{ github.workflow }}
 cancel-in-progress: true

-# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
-# NB: The "Maximum access for pull requests from public forked repositories" is still only read, even though we ask for write here;
-# this only applies to branches on the repo itself. This makes sense security wise (committers who you can push to branches, are implictily already "trusted" anyway, as they could merge PRs).
 permissions:
- contents: write
+ contents: read
 pull-requests: write
 issues: write

@@ -49,6 +46,13 @@ jobs:
 name: MegaLinter
 runs-on: ubuntu-latest

+ # Give the default GITHUB_TOKEN write permission to commit and push, comment
+ # issues, and post new Pull Requests; remove the ones you do not need
+ permissions:
+ contents: write
+ issues: write
+ pull-requests: write
+
 steps:
 # Git Checkout
 - name: Harden Runner
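Review bot: The workflow-level `permissions` block still grants `pull-requests: write` and `issues: write` after this hunk, so any job that does not declare its own block inherits those write scopes. Because the job-level block added in the second hunk replaces the workflow-level grant for the MegaLinter job, the top-level default could be reduced to `contents: read` alone, which keeps any job added later at least privilege. The hunk also removes the comment that explained that pull requests from forks are capped at read access; a one-line version such as `# PRs from forks still get a read-only token, whatever is requested here.` would keep that rationale next to the setting.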
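Review bot: `contents: write` in the job-level `permissions` block is available to every step of the job, including any third-party actions it runs, and the added comment is generic template text that does not say which step needs it. If this workflow never pushes linter fixes back to the branch, `contents: read` is enough for checkout and linting. If it does, a comment that names the consumer makes the grant auditable, for example `# contents: write is required only by the step that commits linter fixes`. The job's steps continue outside the hunk, so whether such a step exists cannot be confirmed from these lines.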