From b59e643c9e1fdb7d9f7f548eb3b9520f26b4c7d2 Mon Sep 17 00:00:00 2001
From: Alex <93376818+sashashura@users.noreply.github.com>
Date: Tue, 6 Sep 2022 07:14:17 +0200
Subject: [PATCH] Reduce permissions for repl-artefacts.yml workflow (#4630)

Signed-off-by: sashashura <93376818+sashashura@users.noreply.github.com>

Signed-off-by: sashashura <93376818+sashashura@users.noreply.github.com>
Co-authored-by: Lukas Taegert-Atkinson <lukastaegert@users.noreply.github.com>
---
 .github/workflows/repl-artefacts.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/repl-artefacts.yml b/.github/workflows/repl-artefacts.yml
index 564f1b93f9d..04f8d067986 100644
--- a/.github/workflows/repl-artefacts.yml
+++ b/.github/workflows/repl-artefacts.yml
@@ -4,8 +4,13 @@ on:
   pull_request_target:
     types: [synchronize, opened, reopened, labeled]
 
+permissions:
+  contents: read
+
 jobs:
   upload:
+    permissions:
+      issues: write # for peter-evans/find-comment and peter-evans/create-or-update-comment
     if: ${{ github.event.pull_request.head.repo.full_name == 'rollup/rollup' || contains( toJson(github.event.pull_request.labels), 'x⁸ ⚙️ build repl artefacts' ) }}
     runs-on: ubuntu-latest
     name: Upload