build: harden GitHub workflow permissions

Grant pull-requests write permission to the labeler workflow and read-only to everything else. Signed-off-by: Alex Low <aleksandrosansan@gmail.com> [ wrap to 80 columns and fix wrong author as requested by author itself ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 715259940776843d8799bc39de8eb50eb764189b)
author: Alex Low <aleksandrosansan@gmail.com> 2022-09-19 12:20:37 +0200
committer: Hauke Mehrtens <hauke@hauke-m.de> 2022-11-27 17:39:36 +0100
commit: 008e9a335dc32c4662aa56eb67487ddd777f2147 (patch)
tree: 8cee15215434a7c035bd950999be8471bf82b858 /.github/workflows/tools.yml
parent: c7757810fcb598f2177c20f1bca1d3de3aaad276 (diff)
download: upstream-008e9a335dc32c4662aa56eb67487ddd777f2147.tar.gz
upstream-008e9a335dc32c4662aa56eb67487ddd777f2147.tar.bz2
upstream-008e9a335dc32c4662aa56eb67487ddd777f2147.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/.github/workflows/tools.yml b/.github/workflows/tools.yml
index 76cbd30db7..e089e26193 100644
--- a/.github/workflows/tools.yml
+++ b/.github/workflows/tools.yml
@@ -5,6 +5,9 @@ on:
     paths:
       - 'tools/**'
 
+permissions:
+  contents: read
+
 jobs:
   build:
     name: Build tools on ${{ matrix.os }}
author	Alex Low <aleksandrosansan@gmail.com>	2022-09-19 12:20:37 +0200
committer	Hauke Mehrtens <hauke@hauke-m.de>	2022-11-27 17:39:36 +0100
commit	008e9a335dc32c4662aa56eb67487ddd777f2147 (patch)
tree	8cee15215434a7c035bd950999be8471bf82b858 /.github/workflows/tools.yml
parent	c7757810fcb598f2177c20f1bca1d3de3aaad276 (diff)
download	upstream-008e9a335dc32c4662aa56eb67487ddd777f2147.tar.gz upstream-008e9a335dc32c4662aa56eb67487ddd777f2147.tar.bz2 upstream-008e9a335dc32c4662aa56eb67487ddd777f2147.zip