From d5a5865d46a6d1b3b9c290c9ed6132c0fa49e643 Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Wed, 14 Jul 2021 11:50:40 +0200
Subject: [PATCH] ci: trim job permissions (#10836)

---
 .github/workflows/label-actions.yml | 4 ++++
 .github/workflows/lock.yml          | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/.github/workflows/label-actions.yml b/.github/workflows/label-actions.yml
index cd2e76c648..8fb6982907 100644
--- a/.github/workflows/label-actions.yml
+++ b/.github/workflows/label-actions.yml
@@ -4,6 +4,10 @@ on:
   issues:
     types: [labeled]
 
+permissions:
+  contents: read
+  issues: write
+
 jobs:
   reaction:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml
index a3c7468439..9a5130094f 100644
--- a/.github/workflows/lock.yml
+++ b/.github/workflows/lock.yml
@@ -8,6 +8,10 @@ on:
   # allow manual trigger
   workflow_dispatch:
 
+permissions:
+  issues: write
+  pull-requests: write
+
 jobs:
   lock:
     runs-on: ubuntu-latest
-- 
GitLab