Skip to content

Commit

Permalink
ci: define permissions for contributing comment workflow
Browse files Browse the repository at this point in the history
Explicitely stating required permissions is considered best practice.
This case was detected by Poutine, see
https://github.com/boostsecurityio/poutine/blob/main/docs/content/en/rules/default_permissions_on_risky_events.md.

Signed-off-by: Florian Greinacher <[email protected]>
  • Loading branch information
fgreinacher committed May 3, 2024
1 parent cbceee1 commit fe565c2
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions .github/workflows/contributing.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,10 @@ on:
types:
- opened

permissions:
contents: read # for reading contributing file
issues: write # for posting PR comment

jobs:
comment:
runs-on: ubuntu-latest
Expand Down

0 comments on commit fe565c2

Please sign in to comment.