build: harden release-drafter.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>
redis · dvora-h · Nov 21, 2022 · Nov 3, 2022 · Nov 3, 2022 · Nov 3, 2022
commit 40cf0163bbda188d58f03d02ac2d25a07f70daa6
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
@@ -6,8 +6,13 @@ on:
     branches:
       - master
 
+permissions: {}
 jobs:
   update_release_draft:
+    permissions:
+      pull-requests: write  #  to add label to PR (release-drafter/release-drafter)
+      contents: write  #  to create a github release (release-drafter/release-drafter)
+
     runs-on: ubuntu-latest
     steps:
       # Drafts your next Release notes as Pull Requests are merged into "master"