From de8aae16198bb31c5f54856b4e3b678955a0079d Mon Sep 17 00:00:00 2001
From: Step Security Bot <bot@stepsecurity.io>
Date: Fri, 7 Oct 2022 23:10:43 -0700
Subject: [PATCH] [StepSecurity] ci: Harden GitHub Actions in
 merge-conflict-checker.yml (#6802)

---
 .github/workflows/merge-conflict-checker.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/merge-conflict-checker.yml b/.github/workflows/merge-conflict-checker.yml
index 4eb950c9421..a0fdb1b7a08 100644
--- a/.github/workflows/merge-conflict-checker.yml
+++ b/.github/workflows/merge-conflict-checker.yml
@@ -21,8 +21,13 @@ on:
   pull_request_target:
     types: [synchronize]
 
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+
 jobs:
   triage:
+    permissions:
+      pull-requests: write  # for eps1lon/actions-label-merge-conflict to label PRs
     runs-on: ubuntu-latest
     steps:
     - name: Conflict Check