From f30c749b16c34ca9e0d6dcc3165a578db9795655 Mon Sep 17 00:00:00 2001
From: Marc Mueller <30130371+cdce8p@users.noreply.github.com>
Date: Sun, 18 May 2025 12:44:01 +0200
Subject: [PATCH] Improve backport job permissions (#10390)

(cherry picked from commit 222ab2005b4cd2cbd0c5ed245d2fe5d66c878f55)
---
 .github/workflows/backport.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
index 9fbc070e5d..eaa4b221e4 100644
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@@ -6,14 +6,14 @@ on:
       - labeled
 
 permissions:
-  actions: write
-  contents: write
-  pull-requests: write
+  contents: read
 
 jobs:
   backport:
     name: Backport
     runs-on: ubuntu-latest
+    environment:
+      name: Backport
     # Only react to merged PRs for security reasons.
     # See https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target.
     if: >
@@ -27,4 +27,4 @@ jobs:
     steps:
       - uses: tibdex/backport@9565281eda0731b1d20c4025c43339fb0a23812e # v2.0.4
         with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+          github_token: ${{ secrets.BACKPORT_TOKEN }}