From a603b8e7d3317f89df7c78ed108540f20ffd82e9 Mon Sep 17 00:00:00 2001
From: Frank Elsinga <frank@elsinga.de>
Date: Fri, 2 Jan 2026 03:01:35 +0100
Subject: [PATCH] more permissions

---
 .github/workflows/validate.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index e1d760b52..3da0f9060 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -8,14 +8,14 @@ on:
       - master
       - 1.23.X
   workflow_dispatch:
-
-permissions:
-  contents: read
-  pull-requests: write # enable write permissions for pull request comments
+permissions: {}
 
 jobs:
   json-yaml-validate:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write # enable write permissions for pull request comments
     steps:
       - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with: { persist-credentials: false }
@@ -30,6 +30,8 @@ jobs:
   # General validations
   validate:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
       - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with: { persist-credentials: false }