From 90dd3c3020c5df90fb48980a4fb9de03dd3b9d52 Mon Sep 17 00:00:00 2001
From: Alex <aleksandrosansan@gmail.com>
Date: Sun, 25 Sep 2022 18:03:13 +0200
Subject: [PATCH] build: harden report-nunit.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>
---
 .github/workflows/report-nunit.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/report-nunit.yml b/.github/workflows/report-nunit.yml
index 358cbda17a..bfc9620174 100644
--- a/.github/workflows/report-nunit.yml
+++ b/.github/workflows/report-nunit.yml
@@ -8,8 +8,12 @@ on:
     workflows: ["Continuous Integration"]
     types:
       - completed
+permissions: {}
 jobs:
   annotate:
+    permissions:
+      checks: write # to create checks (dorny/test-reporter)
+
     name: Annotate CI run with test results
     runs-on: ubuntu-latest
     if: ${{ github.event.workflow_run.conclusion != 'cancelled' }}