From 1908042933f1e24328558d233425431619059ba2 Mon Sep 17 00:00:00 2001
From: Adam Daley <admdly@users.noreply.github.com>
Date: Thu, 20 Feb 2025 01:21:27 +0000
Subject: [PATCH] Add read permissions for Authorization Check workflow job

---
 .github/workflows/build-deploy.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build-deploy.yml b/.github/workflows/build-deploy.yml
index ab38d1dd..d6196f6e 100644
--- a/.github/workflows/build-deploy.yml
+++ b/.github/workflows/build-deploy.yml
@@ -10,6 +10,8 @@ jobs:
   # Require authorization/approval before running on external forks/pull requests.
   authorize:
     name: 'Authorization Check'
+    permissions:
+      contents: read
     environment: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.id != github.repository_id && 'external' || 'internal' }}
     runs-on: ubuntu-latest
     steps:
@@ -42,4 +44,4 @@ jobs:
       vercel_token: ${{ secrets.VERCEL_TOKEN }}
     with:
       environment: 'Production'
-      prod_deployment: true
\ No newline at end of file
+      prod_deployment: true