ci: Add GitHub token permissions for workflows

Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
author: Varun Sharma <varunsh@stepsecurity.io> 2022-07-08 10:53:38 -0700
committer: Varun Sharma <varunsh@stepsecurity.io> 2022-07-08 10:53:38 -0700
commit: 2c71278a2395d6d8c4e06d1ebe4de1ffdae727c7 (patch)
tree: dae8142c39e39d2e045ef99d690e498e77095297 /.github/workflows/periodic-merge-6h.yml
parent: 1ba4ca5995d9711b5f15fd070543d9fe948e7110 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/.github/workflows/periodic-merge-6h.yml b/.github/workflows/periodic-merge-6h.yml
index 5588d216ea030..bcc9f48835883 100644
--- a/.github/workflows/periodic-merge-6h.yml
+++ b/.github/workflows/periodic-merge-6h.yml
@@ -14,8 +14,14 @@ on:
     # Merge every 6 hours
     - cron:  '0 */6 * * *'
 
+permissions:
+  contents: read
+
 jobs:
   periodic-merge:
+    permissions:
+      contents: write  # for devmasx/merge-branch to merge branches
+      issues: write  # for peter-evans/create-or-update-comment to create or update comment
     if: github.repository_owner == 'NixOS'
     runs-on: ubuntu-latest
     strategy:
author	Varun Sharma <varunsh@stepsecurity.io>	2022-07-08 10:53:38 -0700
committer	Varun Sharma <varunsh@stepsecurity.io>	2022-07-08 10:53:38 -0700
commit	2c71278a2395d6d8c4e06d1ebe4de1ffdae727c7 (patch)
tree	dae8142c39e39d2e045ef99d690e498e77095297 /.github/workflows/periodic-merge-6h.yml
parent	1ba4ca5995d9711b5f15fd070543d9fe948e7110 (diff)