From ec1a9c1978eea9fdb96c69089adaa4f58973594b Mon Sep 17 00:00:00 2001
From: Artem Gavrilov <artem.gavrilov@percona.com>
Date: Wed, 11 Dec 2024 15:03:32 +0200
Subject: [PATCH] PG-1238 Harden CI permissions (#376)

---
 .github/workflows/postgresql-17-src-meson-perf.yml | 4 +---
 .github/workflows/postgresql-perf-results.yml      | 3 +++
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/postgresql-17-src-meson-perf.yml b/.github/workflows/postgresql-17-src-meson-perf.yml
index 798f0ce016e..9409140da66 100644
--- a/.github/workflows/postgresql-17-src-meson-perf.yml
+++ b/.github/workflows/postgresql-17-src-meson-perf.yml
@@ -1,9 +1,7 @@
 name: Perf test
 on: [pull_request]
 permissions:
-  contents: write
-  pull-requests: write
-  repository-projects: write
+  contents: read
 
 jobs:
   build:
diff --git a/.github/workflows/postgresql-perf-results.yml b/.github/workflows/postgresql-perf-results.yml
index 9ffc48e31f5..fb32d1bcf0b 100644
--- a/.github/workflows/postgresql-perf-results.yml
+++ b/.github/workflows/postgresql-perf-results.yml
@@ -6,6 +6,9 @@ on:
     types:
       - completed
 
+permissions:
+  contents: read
+
 jobs:
   download:
     runs-on: ubuntu-latest