Restrict GITHUB_TOKEN in markdownlint action (#61622)

Currently, Actions in the dotnet/runtime repository have read/write access by default, unless their permissions have been explicitly declared. The markdownlint workflow can be restricted from all access except the repository contents. This limits what the 3rd party `markdownlint-cli` npm package can do which is installed as part of the workflow.
dotnet · Nov 15, 2021 · 6401f33 · 6401f33
1 parent d471a03
commit 6401f33
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/.github/workflows/markdownlint.yml b/.github/workflows/markdownlint.yml
@@ -1,5 +1,8 @@
 name: Markdownlint
 
+permissions:
+  contents: read
+
 on:
   pull_request:
     paths: