From 18c104a68d1683c21bf51b3d768f70ab8f98be9b Mon Sep 17 00:00:00 2001
From: Step Security
Date: Mon, 3 Oct 2022 20:45:58 +0000
Subject: [PATCH] [StepSecurity] ci: Harden GitHub Actions in merge-conflict-checker.yml
---
 .github/workflows/merge-conflict-checker.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.github/workflows/merge-conflict-checker.yml b/.github/workflows/merge-conflict-checker.yml
index 4eb950c94213..a0fdb1b7a081 100644
--- a/.github/workflows/merge-conflict-checker.yml
+++ b/.github/workflows/merge-conflict-checker.yml
@@ -21,8 +21,13 @@ on:
 pull_request_target:
 types: [synchronize]

+permissions: # added using https://github.com/step-security/secure-workflows
+ contents: read
+
 jobs:
 triage:
+ permissions:
+ pull-requests: write # for eps1lon/actions-label-merge-conflict to label PRs
 runs-on: ubuntu-latest
 steps:
 - name: Conflict Check
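Review bot: The job-level `permissions` block added under `triage` replaces the workflow-level default rather than merging with it, so this job runs with `pull-requests: write` only and `contents` is set to none. That is the tighter result, but neither comment says so, and a later editor may assume `contents: read` is inherited. I would reword the top-level comment to state the intent, e.g. `permissions:  # default for jobs without their own block; a job-level block replaces it`. Because the trigger is `pull_request_target`, the token is issued in the base repository's context even for pull requests from forks, so keeping the write scope confined to this one job matters. The steps of `triage` continue outside the hunk, so whether `eps1lon/actions-label-merge-conflict` is pinned to a full commit SHA cannot be checked from here; it is worth confirming, since that action receives the write-capable token.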