From 8a73b3953ceacbfbd3a84db151395c1d5ff719e0 Mon Sep 17 00:00:00 2001
From: Alex <93376818+sashashura@users.noreply.github.com>
Date: Wed, 31 Aug 2022 15:45:17 +0100
Subject: [PATCH] chore(ci): GitHub Workflows security hardening (#8030)

---
 .github/workflows/lighthouse-report.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/lighthouse-report.yml b/.github/workflows/lighthouse-report.yml
index 729d116bcf32..f7be9bbe95b9 100644
--- a/.github/workflows/lighthouse-report.yml
+++ b/.github/workflows/lighthouse-report.yml
@@ -6,12 +6,17 @@ on:
       - main
       - docusaurus-v**
 
+permissions:
+  contents: read
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
 jobs:
   lighthouse-report:
+    permissions:
+      pull-requests: write # for marocchino/sticky-pull-request-comment
     name: Lighthouse Report
     runs-on: ubuntu-latest
     steps: