From 71d20c9d4a75b51b95c56df43ba1efd934158acb Mon Sep 17 00:00:00 2001
From: Alex <93376818+sashashura@users.noreply.github.com>
Date: Tue, 6 Sep 2022 07:14:17 +0200
Subject: [PATCH] Reduce permissions for repl-artefacts.yml workflow (#4630)

Signed-off-by: sashashura <93376818+sashashura@users.noreply.github.com>

Signed-off-by: sashashura <93376818+sashashura@users.noreply.github.com>
Co-authored-by: Lukas Taegert-Atkinson <lukastaegert@users.noreply.github.com>
---
 .github/workflows/repl-artefacts.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/repl-artefacts.yml b/.github/workflows/repl-artefacts.yml
index 564f1b93f9d..663060c76cc 100644
--- a/.github/workflows/repl-artefacts.yml
+++ b/.github/workflows/repl-artefacts.yml
@@ -4,8 +4,13 @@ on:
   pull_request_target:
     types: [synchronize, opened, reopened, labeled]
 
+permissions:
+  contents: read
+
 jobs:
   upload:
+    permissions:
+      pull-requests: write # for peter-evans/find-comment and peter-evans/create-or-update-comment
     if: ${{ github.event.pull_request.head.repo.full_name == 'rollup/rollup' || contains( toJson(github.event.pull_request.labels), 'x⁸ ⚙️ build repl artefacts' ) }}
     runs-on: ubuntu-latest
     name: Upload