From 379ba613a68fafdd756db370f0ef878a0d3a7308 Mon Sep 17 00:00:00 2001
From: awwpotato <153149335+awwpotato@users.noreply.github.com>
Date: Sun, 13 Apr 2025 03:40:57 -0700
Subject: [PATCH] ci: explicit permissions for github app token (#1132)
---
 .github/workflows/backport.yml | 2 ++
 .github/workflows/update-flake.yml | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
index adc161c3..312826f0 100644
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@@ -31,6 +31,8 @@ jobs:
 with:
 app-id: ${{ vars.APP_ID }}
 private-key: ${{ secrets.APP_PRIVATE_KEY }}
+ permission-contents: write
+ permission-pull-requests: write
 - uses: actions/checkout@v4
 with:
diff --git a/.github/workflows/update-flake.yml b/.github/workflows/update-flake.yml
index e096b5bb..f45496d8 100644
--- a/.github/workflows/update-flake.yml
+++ b/.github/workflows/update-flake.yml
@@ -24,6 +24,8 @@ jobs:
 with:
 app-id: ${{ vars.APP_ID }}
 private-key: ${{ secrets.APP_PRIVATE_KEY }}
+ permission-contents: write
+ permission-pull-requests: write
 - uses: DeterminateSystems/update-flake-lock@v24
 with:
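Review bot: The `uses:` line of the step that receives `permission-contents: write` and `permission-pull-requests: write` sits above this hunk in `backport.yml`, so it is not visible whether the referenced action release accepts `permission-*` inputs. GitHub Actions only emits a warning for an unrecognised `with:` key, so on a release that predates these inputs both lines would be ignored and the token would keep every permission granted to the app installation. Worth confirming the version before relying on this as a least-privilege control; the same applies to the identical addition in `update-flake.yml`. A short comment above the two lines stating what each scope is for, for example `# contents: push the backport branch; pull-requests: open the backport PR` if that matches what the job does, would stop later edits from widening the scope without a stated reason.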
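Review bot: In `update-flake.yml`, `DeterminateSystems/update-flake-lock@v24` is referenced by a mutable tag in the same job that mints an app token with `contents: write` and `pull-requests: write`. The step's `with:` block continues past the end of the hunk, so this is presumably where the token is passed; if so, the code behind that tag runs holding a write-capable credential and can change without any change to this repository. Pinning the reference to a full commit SHA and keeping the tag as a trailing comment, `uses: DeterminateSystems/update-flake-lock@<full-commit-sha> # v24`, makes the executed code reviewable and fixed. The same hardening applies to `actions/checkout@v4` in `backport.yml`.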