From 7a42dd8c97ae461b5a281cc557baab7b83401005 Mon Sep 17 00:00:00 2001
From: Nicolas Peugnet
Date: Sun, 28 Jul 2024 18:14:18 +0200
Subject: [PATCH] Declare write permissions only for jobs that require them
---
 .github/workflows/build.yml | 3 +++
 .github/workflows/clean.yml | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 82cb24c9..9aca5f16 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -152,6 +152,9 @@ jobs:
 runs-on: ubuntu-latest
 needs: html
 concurrency: preview-${{ github.ref }}
+ permissions:
+ contents: write
+ pull-requests: write
 steps:
 - name: Checkout repo
 uses: actions/checkout@v4
diff --git a/.github/workflows/clean.yml b/.github/workflows/clean.yml
index e73f4179..218b237b 100644
--- a/.github/workflows/clean.yml
+++ b/.github/workflows/clean.yml
@@ -12,6 +12,9 @@ concurrency: preview-${{ github.ref }}
 jobs:
 preview:
 runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
 steps:
 - name: Checkout repo
 uses: actions/checkout@v4
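Review bot: The `permissions:` block added to the preview job in build.yml narrows only that job; the `html` job it depends on, and any other job without its own block, still gets the repository's default token scope. No workflow-level `permissions:` key is visible in this hunk, so unless one exists elsewhere in the file or the repository default is already read-only, the title's "only for jobs that require them" is not enforced by the workflow itself. I would add a top-level `permissions:` with `contents: read` above `jobs:` so the restriction travels with the file. The clean.yml hunk shows only the `preview` job, so the job-level block there is enough as long as the file holds no other jobs. The preview job's steps continue outside the hunk.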
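Review bot: In clean.yml the `preview` job now holds `contents: write` and `pull-requests: write` for every step, and the `actions/checkout@v4` step right after the block stores that token in the checkout's git config by default. If only one later step pushes or comments (the steps are outside the hunk, so this needs confirming), consider `persist-credentials: false` under the checkout's `with:` and passing the token only to that step. A comment above each scope naming the step that needs it, e.g. `# needed by <step name>`, would also make later tightening easier; the same holds for the block in build.yml.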