From 46175f56ba9e79d8ae3b36815f730361fe05dea7 Mon Sep 17 00:00:00 2001
From: ann0see <20726856+ann0see@users.noreply.github.com>
Date: Sat, 19 Nov 2022 22:50:03 +0100
Subject: [PATCH] Copyright notices: Minimize GitHub workflow permissions

---
 .github/workflows/update-copyright-notices.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/update-copyright-notices.yml b/.github/workflows/update-copyright-notices.yml
index d403b13849..dd1c91233a 100644
--- a/.github/workflows/update-copyright-notices.yml
+++ b/.github/workflows/update-copyright-notices.yml
@@ -1,5 +1,6 @@
 name: Update copyright notices
 
+permissions: {}
 on:
   push:
     branches:
@@ -14,6 +15,9 @@ jobs:
       github.repository_owner == 'jamulussoftware' &&
       github.event_name == 'push'
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      contents: write
     steps:
       - uses: actions/checkout@v3
       - run: ./tools/update-copyright-notices.sh
@@ -43,6 +47,9 @@ jobs:
       github.event_name == 'pull_request' &&
       startsWith(github.event.pull_request.head.label, 'jamulussoftware:updateCopyrightNotices')
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      contents: write
     steps:
       - uses: actions/checkout@v3
       - env: