From 37efb8f48c0020d00ddd7defad28f7c55f440718 Mon Sep 17 00:00:00 2001
From: Tuomo Tanskanen <tuomo.tanskanen@est.tech>
Date: Wed, 22 May 2024 17:55:20 +0300
Subject: [PATCH] drop pr approver workflow top-level permissions

Set top-level permissions to none. This is the best practice for
GH actions, and for example OpenSSF Scorecards penalize CAPI for
not having it.

Signed-off-by: Tuomo Tanskanen <tuomo.tanskanen@est.tech>
---
 .github/workflows/pr-gh-workflow-approve.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/pr-gh-workflow-approve.yaml b/.github/workflows/pr-gh-workflow-approve.yaml
index d91cd21b8e87..f493fd40032d 100644
--- a/.github/workflows/pr-gh-workflow-approve.yaml
+++ b/.github/workflows/pr-gh-workflow-approve.yaml
@@ -8,6 +8,8 @@ on:
       - reopened
       - synchronize
 
+permissions: {}
+
 jobs:
   approve:
     name: Approve ok-to-test