From b6cb9b0c1b51a5a03ba79cea51ee8602f24afe26 Mon Sep 17 00:00:00 2001
From: Mike Bond
Date: Fri, 9 Feb 2024 12:05:44 -0800
Subject: [PATCH] backport-trigger: Revise permissions based on sudden failures (#36)
---
 .github/workflows/backport-action.yml | 4 ++--
 .github/workflows/backport-trigger.yml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/backport-action.yml b/.github/workflows/backport-action.yml
index 0f68bd6..69e0b8b 100644
--- a/.github/workflows/backport-action.yml
+++ b/.github/workflows/backport-action.yml
@@ -46,9 +46,9 @@ jobs:
 # https://docs.opensource.microsoft.com/github/apps/permission-changes/
 # https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
 permissions:
- actions: read
+ actions: none
 contents: read
- security-events: write
+ security-events: none
 env:
 # Protect against script injection attacks via input variables (i.e., the content of the variables could be executed at the time of evaluation/expansion within a script)
 # Scripts must consume the environment variable settings instead
diff --git a/.github/workflows/backport-trigger.yml b/.github/workflows/backport-trigger.yml
index b8f0b29..72479db 100644
--- a/.github/workflows/backport-trigger.yml
+++ b/.github/workflows/backport-trigger.yml
@@ -13,9 +13,9 @@ jobs:
 # https://docs.opensource.microsoft.com/github/apps/permission-changes/
 # https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
 permissions:
- actions: write
+ actions: none
 contents: read
- security-events: write
+ security-events: none
 if: github.event.issue.pull_request != '' && startswith(github.event.comment.body, '@gitbot backport')
 outputs:
 target_branch: ${{ steps.parse_comment.outputs.target_branch }}
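Review bot: The `permissions:` block in backport-action.yml has no comment saying why `actions` and `security-events` are now spelled out as `none`, and the two links above it do not say which scopes the job needs. Any scope not listed under a `permissions:` key is already `none`, so these two lines only document intent. A comment such as `# Least privilege: GITHUB_TOKEN is limited to contents: read; other scopes are listed as none on purpose` would keep a later edit from widening them again. The same applies to the permissions block in backport-trigger.yml. The job body continues outside the hunk, so it is not visible whether the backport push or pull-request creation uses a separate credential, which `contents: read` alone would not allow.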
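Review bot: The `if:` condition in backport-trigger.yml gates the job only on the comment being on a pull request and starting with `@gitbot backport`; it does not check who wrote the comment. Anyone able to comment on a pull request can therefore start the job, unless a later step outside this hunk verifies the commenter. Consider extending the condition with `&& contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)`. Reducing the token to `contents: read` limits what such a run can do with GITHUB_TOKEN, but not with any other secret the job may read. Separately, if a step in this job starts the backport workflow through the Actions API with GITHUB_TOKEN, it will be refused now that `actions: write` is gone, which is worth confirming against the failures the commit title mentions.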