Restrict permissions and pin "uses:"

probonopd · Jul 27, 2024 · dd5459e · dd5459e
1 parent 3b033db
commit dd5459e
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/.github/workflows/pr-comment.yml b/.github/workflows/pr-comment.yml
@@ -12,10 +12,16 @@ jobs:
     name: Add artifact links to PR and issues
     runs-on: ubuntu-22.04
 
+    # Restrict permissions for the GITHUB_TOKEN, https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
+    permissions:
+      issues: write
+      pull-requests: write
+      actions: read
+
     steps:
     - name: Add artifact links to PR and issues
       if: github.event.workflow_run.event == 'pull_request'
-      uses: tonyhallett/[email protected]
+      uses: tonyhallett/artifacts-url-comments@0965ff1a7ae03c5c1644d3c30f956effea4e05ef # v1.1.0
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with: