drop pr approver workflow top-level permissions

Set top-level permissions to none. This is the best practice for GH actions, and for example OpenSSF Scorecards penalize CAPI for not having it. Signed-off-by: Tuomo Tanskanen <[email protected]>
kubernetes-sigs · May 22, 2024 · 37efb8f · 37efb8f
1 parent a2b7dd1
commit 37efb8f
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/.github/workflows/pr-gh-workflow-approve.yaml b/.github/workflows/pr-gh-workflow-approve.yaml
@@ -8,6 +8,8 @@ on:
       - reopened
       - synchronize
 
+permissions: {}
+
 jobs:
   approve:
     name: Approve ok-to-test