Set permissions for GitHub actions (#7984)

This limits the damage that a compromised GitHub action could do. See https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
author: Naveen <[email protected]> 2022-03-24 11:32:57 -0500
committer: GitHub <[email protected]> 2022-03-24 09:32:57 -0700
commit: f4a7ba967e739239173bc2440b4e1c6ba3cf41f0 (patch)
tree: 9898f809d99de6014c8a15ab0bfd4adf8a913317 /.github/workflows/commit-validation.yml
parent: 8d045653948d7e522486203507d1edeb356a6fd3 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/.github/workflows/commit-validation.yml b/.github/workflows/commit-validation.yml
index 0b52e94e5..1c785d6f8 100644
--- a/.github/workflows/commit-validation.yml
+++ b/.github/workflows/commit-validation.yml
@@ -1,6 +1,9 @@
 name: commit-validation
 on: [ push, pull_request ]
 
+permissions:
+  contents: read
+
 jobs:
   check-commit-msg-length:
     runs-on: ubuntu-latest
author	Naveen <[email protected]>	2022-03-24 11:32:57 -0500
committer	GitHub <[email protected]>	2022-03-24 09:32:57 -0700
commit	f4a7ba967e739239173bc2440b4e1c6ba3cf41f0 (patch)
tree	9898f809d99de6014c8a15ab0bfd4adf8a913317 /.github/workflows/commit-validation.yml
parent	8d045653948d7e522486203507d1edeb356a6fd3 (diff)