From c3c84679e6df95345d7f16aa09665662888e6c19 Mon Sep 17 00:00:00 2001
From: Georg Kunz <georg.kunz@ericsson.com>
Date: Mon, 20 Nov 2023 10:57:37 +0100
Subject: [PATCH] OpenSSF best practices: set GitHub token permission to
 read-only (#615)

Signed-off-by: Georg Kunz <georg.kunz@ericsson.com>
---
 .github/workflows/actions.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml
index 8f7be10d6..c6eda7802 100644
--- a/.github/workflows/actions.yml
+++ b/.github/workflows/actions.yml
@@ -14,6 +14,8 @@ on:
 env:
   MAVEN_OPTS: -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.httpconnectionManager.ttlSeconds=120
 
+permissions: read-all
+
 jobs:
   tests:
     runs-on: ubuntu-20.04