From f4a7ba967e739239173bc2440b4e1c6ba3cf41f0 Mon Sep 17 00:00:00 2001
From: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Date: Thu, 24 Mar 2022 11:32:57 -0500
Subject: Set permissions for GitHub actions (#7984)

This limits the damage that a compromised GitHub action could do.

See https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
---
 .github/workflows/commit-validation.yml | 3 +++
 1 file changed, 3 insertions(+)

(limited to '.github/workflows/commit-validation.yml')

diff --git a/.github/workflows/commit-validation.yml b/.github/workflows/commit-validation.yml
index 0b52e94e5..1c785d6f8 100644
--- a/.github/workflows/commit-validation.yml
+++ b/.github/workflows/commit-validation.yml
@@ -1,6 +1,9 @@
 name: commit-validation
 on: [ push, pull_request ]
 
+permissions:
+  contents: read
+
 jobs:
   check-commit-msg-length:
     runs-on: ubuntu-latest
-- 
cgit v1.2.3