From a4728d660000bd965a7457de2aef136a9fd61096 Mon Sep 17 00:00:00 2001
From: StepSecurity Bot <bot@stepsecurity.io>
Date: Wed, 10 Jul 2024 09:02:11 -0700
Subject: [PATCH] [StepSecurity] ci: Harden GitHub Actions (#5191)

## Summary

This pull request is created by
[StepSecurity](https://app.stepsecurity.io/securerepo) at the request of
@robertbastian. Please merge the Pull Request to incorporate the
requested changes. Please tag @robertbastian on your message if you have
any questions related to the PR.
## Security Fixes

### Least Privileged GitHub Actions Token Permissions

The GITHUB_TOKEN is an automatically generated secret to make
authenticated calls to the GitHub API. GitHub recommends setting minimum
token permissions for the GITHUB_TOKEN.

- [GitHub Security
Guide](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow)
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions)


## Feedback
For bug reports, feature requests, and general feedback; please email
support@stepsecurity.io. To create such PRs, please visit
https://app.stepsecurity.io/securerepo.


Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
---
 .github/workflows/artifacts-info.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/artifacts-info.yml b/.github/workflows/artifacts-info.yml
index 2b7766875fb..f1c0790dff8 100644
--- a/.github/workflows/artifacts-info.yml
+++ b/.github/workflows/artifacts-info.yml
@@ -12,6 +12,9 @@ on:
   pull_request:
     branches: ["*"]
 
+permissions:
+  contents: read
+
 jobs:
   docs:
     name: "Docs Preview"