From b928e60d8b4a1d83deb2800b6c2b083c73d722b8 Mon Sep 17 00:00:00 2001
From: Alois Klink <alois@aloisklink.com>
Date: Sun, 24 Sep 2023 18:04:06 +0100
Subject: [PATCH] ci(pr-labeler): limit GITHUB_TOKEN permissions

Limit the `GITHUB_TOKEN` permissions for `TimonVS/pr-labeler-action`
to the minimum required permissions.
---
 .github/workflows/pr-labeler.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml
index 0a53c6e42..d2df287e5 100644
--- a/.github/workflows/pr-labeler.yml
+++ b/.github/workflows/pr-labeler.yml
@@ -3,9 +3,15 @@ on:
   pull_request_target:
     types: [opened]
 
+permissions:
+  contents: read
+
 jobs:
   pr-labeler:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read # read permission is required to read config file
+      pull-requests: write # write permission is required to label PRs
     steps:
       - name: Label PR
         uses: TimonVS/pr-labeler-action@v4