diff --git a/.github/workflows/build-deploy.yml b/.github/workflows/build-deploy.yml index ab38d1dd..d6196f6e 100644 --- a/.github/workflows/build-deploy.yml +++ b/.github/workflows/build-deploy.yml @@ -10,6 +10,8 @@ jobs: # Require authorization/approval before running on external forks/pull requests. authorize: name: 'Authorization Check' + permissions: + contents: read environment: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.id != github.repository_id && 'external' || 'internal' }} runs-on: ubuntu-latest steps: @@ -42,4 +44,4 @@ jobs: vercel_token: ${{ secrets.VERCEL_TOKEN }} with: environment: 'Production' - prod_deployment: true \ No newline at end of file + prod_deployment: true