Use minimum required permissions for GitHub workflows

This reduces the attack surface if the workflows are ever compromised.
2022-07-03 20:38:51 +03:00 · 2022-07-03 20:38:51 +03:00 · a1f1acfbf9
commit a1f1acfbf9
parent 45d2492bcb
3 changed files with 21 additions and 1 deletions
--- a/.github/workflows/image-minimizer.yml
+++ b/.github/workflows/image-minimizer.yml
@ -6,6 +6,10 @@ on:
  issues:
    types: [opened, edited]

+permissions:
+  issues: write
+  pull-requests: write
+
 jobs:
  try-minimize:
    runs-on: ubuntu-latest