From 46a805fe700738e5285347da8338089d8af14380 Mon Sep 17 00:00:00 2001
From: Dominic Evans <dominic.evans@uk.ibm.com>
Date: Tue, 7 Jan 2025 14:13:19 +0000
Subject: [PATCH] fix(ci): avoid scorecard warning about top-level permissions

Move the cache management permissions to the specific job rather than
setting them at the top-level of the given workflow to avoid a warning
from scorecard

Signed-off-by: Dominic Evans <dominic.evans@uk.ibm.com>
---
 .github/workflows/cache-cleanup.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/cache-cleanup.yml b/.github/workflows/cache-cleanup.yml
index e5cf36ba4..5f37f829a 100644
--- a/.github/workflows/cache-cleanup.yml
+++ b/.github/workflows/cache-cleanup.yml
@@ -6,10 +6,12 @@ on:
       - closed
 
 permissions:
-  actions: write # for cache management
+  contents: read # for actions/checkout to fetch code
 
 jobs:
   cleanup:
+    permissions:
+      actions: write # for cache management
     runs-on: ubuntu-latest
     steps:
       - name: Delete Caches