From ca78f853c4403f81294579c6fbff6acd2632795e Mon Sep 17 00:00:00 2001
From: Dan Yeaw <dan@yeaw.me>
Date: Mon, 2 May 2022 21:17:20 -0400
Subject: [PATCH] Add permissions to README

Closes #869. Permissions based on analysis by https://app.stepsecurity.io/.
---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index 248e633f0..f02560bad 100644
--- a/README.md
+++ b/README.md
@@ -26,8 +26,14 @@ on:
   # pull_request_target:
   #   types: [opened, reopened, synchronize]
 
+permissions:
+  contents: read
+
 jobs:
   update_release_draft:
+    permissions:
+      contents: write  # for release-drafter/release-drafter to create a github release
+      pull-requests: write  # for release-drafter/release-drafter to add label to PR
     runs-on: ubuntu-latest
     steps:
       # (Optional) GitHub Enterprise requires GHE_HOST variable set