From b14538aef1fe525e4052a50fef65110379ba76ed Mon Sep 17 00:00:00 2001
From: Matt Moore <mattmoor@chainguard.dev>
Date: Fri, 22 Mar 2024 12:42:33 -0700
Subject: [PATCH] Add the `default-permissions` check to `chainguard-dev` (#47)

Signed-off-by: Matt Moore <mattmoor@chainguard.dev>
---
 .github/workflows/ghaudit.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/ghaudit.yaml b/.github/workflows/ghaudit.yaml
index 24d55af..c0f345e 100644
--- a/.github/workflows/ghaudit.yaml
+++ b/.github/workflows/ghaudit.yaml
@@ -28,6 +28,14 @@ jobs:
         packages: ghaudit
         command: ghaudit org -o ${{ github.repository_owner }} deploy-keys
 
+    - name: Default Permissions
+      uses: wolfi-dev/wolfi-act@main
+      env:
+        GH_TOKEN: ${{ steps.octo-sts.outputs.token }}
+      with:
+        packages: ghaudit
+        command: ghaudit org -o ${{ github.repository_owner }} default-permissions
+
     - uses: rtCamp/action-slack-notify@4e5fb42d249be6a45a298f3c9543b111b02f7907 # v2.3.0
       if: ${{ failure() }}
       env: