From 0574e1e9039f7a293badd8c51504d443538efb4f Mon Sep 17 00:00:00 2001
From: Pedro Nacht <pedro.k.night@gmail.com>
Date: Tue, 1 Nov 2022 15:24:49 -0300
Subject: [PATCH] labeler.yml: set top-level read-only permissions (#9862)

---
 .github/workflows/labeler.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index 7b345a4851b..c76ba196430 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -2,13 +2,15 @@ name: "Pull Request Labeler"
 on:
   - pull_request_target
 
+permissions:
+  contents: read
+
 jobs:
   triage:
     permissions:
-      contents: read
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
       - uses: actions/labeler@v4
         with:
-          repo-token: "${{ secrets.GITHUB_TOKEN }}"
\ No newline at end of file
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"