From 8e1855e4e20ed303f0a1268e3ba179e1da1ef4c7 Mon Sep 17 00:00:00 2001
From: Alex
Date: Thu, 8 Dec 2022 18:54:18 +0200
Subject: [PATCH] build: harden validate.yml permissions

Signed-off-by: Alex
---
 .github/workflows/validate.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index ad4adccf..0f99d084 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -12,6 +12,10 @@ on:
 - 'alpha'
 - '!all-contributors/**'
 pull_request: {}
+permissions:
+ actions: write # to cancel/stop running workflows (styfle/cancel-workflow-action)
+ contents: read # to fetch code (actions/checkout)
+
 jobs:
 main:
 continue-on-error: ${{ matrix.react != 'latest' }}
@@ -58,6 +62,10 @@ jobs:
 flags: ${{ matrix.react }}

 release:
+ permissions:
+ actions: write # to cancel/stop running workflows (styfle/cancel-workflow-action)
+ contents: write # to create release tags (cycjimmy/semantic-release-action)
+
 needs: main
 runs-on: ubuntu-latest
 if:
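Review bot: The workflow-level `actions: write` in the first hunk is granted to every job that does not declare its own `permissions`, and since `release` gets its own block in the second hunk, this one effectively governs only `main`, the job that installs dependencies and runs the test suite on pushes. Declaring the block under `jobs.main.permissions` would make that scope explicit and keep any job added later from inheriting a write scope by default. If the cancel step (outside this hunk) exists only to stop superseded runs, a top-level `concurrency:` entry with `group: ${{ github.workflow }}-${{ github.ref }}` and `cancel-in-progress: true` would remove the need for `actions: write` altogether, leaving `contents: read` as the only grant.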
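Review bot: The `permissions` block added to `release` in the second hunk sets every scope it does not list to `none`, so the job's token keeps only `actions` and `contents`. If the semantic-release configuration (not visible here) uses the default GitHub plugin to comment on released issues and pull requests, those calls will be rejected unless `issues: write # to comment on released issues` and `pull-requests: write # to comment on released pull requests` are added. This applies only if the release step authenticates with the workflow's `GITHUB_TOKEN` rather than a separate token. Because this job now holds `contents: write`, it is also worth confirming that the two third-party actions named in the comments are pinned to a full commit SHA; their `uses:` lines and the rest of the `release` job are outside the hunk.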