From 07b9ba2bb4aadfea7c177df8e747b3e79409d8af Mon Sep 17 00:00:00 2001
From: Niels van Velzen <git@ndat.nl>
Date: Fri, 5 Nov 2021 22:43:09 +0100
Subject: [PATCH] Set GITHUB_TOKEN permissions to read only in OpenAPI workflow

---
 .github/workflows/openapi.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/openapi.yml b/.github/workflows/openapi.yml
index 798ce5898a..ea9188f1b1 100644
--- a/.github/workflows/openapi.yml
+++ b/.github/workflows/openapi.yml
@@ -9,6 +9,7 @@ jobs:
   openapi-head:
     name: OpenAPI - HEAD
     runs-on: ubuntu-latest
+    permissions: read-all
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
@@ -34,6 +35,7 @@ jobs:
     name: OpenAPI - BASE
     if: ${{ github.base_ref != '' }}
     runs-on: ubuntu-latest
+    permissions: read-all
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2