From 7dd530af02a11d5cac9bb7c649a171c4ffb309d6 Mon Sep 17 00:00:00 2001
From: mauwii <Mauwii@outlook.de>
Date: Sat, 30 Sep 2023 06:59:33 +0200
Subject: [PATCH] update ci workflow permissions

---
 .github/workflows/ci.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4fdedd7..a04578c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -15,8 +15,6 @@ on:
 
 permissions:
   contents: read
-  packages: write
-  pull-requests: write
 
 env:
   REGISTRY: ${{ (vars.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '') && 'docker.io' || 'ghcr.io' }}
@@ -70,6 +68,11 @@ jobs:
   build:
     needs: test
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      pull-requests: write
+      security-events: write
     strategy:
       matrix:
         targets: ${{ fromJson(needs.test.outputs.targets) }}