From f3c26ee7cc3dff72795632dc3f5516ba640ddf64 Mon Sep 17 00:00:00 2001 From: Alex Date: Sun, 25 Sep 2022 22:17:20 +0200 Subject: [PATCH] build: harden lock.yml permissions Signed-off-by: Alex --- .github/workflows/lock.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml index 9df4bc441..b928fc128 100644 --- a/.github/workflows/lock.yml +++ b/.github/workflows/lock.yml @@ -5,8 +5,13 @@ on: schedule: - cron: '0 3 * * *' +permissions: {} jobs: lock: + permissions: + issues: write # to lock issues (dessant/lock-threads) + pull-requests: write # to lock PRs (dessant/lock-threads) + runs-on: ubuntu-latest steps: - uses: dessant/lock-threads@v3