From 8d131b72993003583582194effb35b3141203593 Mon Sep 17 00:00:00 2001 From: Kylie Stradley <4666485+KyFaSt@users.noreply.github.com> Date: Tue, 21 Jan 2025 21:28:37 -0500 Subject: [PATCH] Add Recommended Permissions To reduce risk of over-privileged tokens, we are adding recommended permissions to popular GitHub-owned Actions READMEs --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 507f6e1..d7c293d 100644 --- a/README.md +++ b/README.md @@ -478,3 +478,11 @@ At the bottom of the workflow summary page, there is a dedicated section for art There is a trashcan icon that can be used to delete the artifact. This icon will only appear for users who have write permissions to the repository. The size of the artifact is denoted in bytes. The displayed artifact size denotes the size of the zip that `upload-artifact` creates during upload. + +# Recommended Permissions + +The `actions/upload-artifact` workflow relies on an internal authentication pattern and does not use the GITHUB_TOKEN, to reduce risk of over-privileged token, jobs that use `actions/upload-artifact` should set permissions to none: + +```yaml +permissions: {} +```
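Review bot: The added paragraph under `# Recommended Permissions` tells readers that jobs using `actions/upload-artifact` "should set permissions to none", but `permissions: {}` applies to every step in the job, not only the upload step. A job that also runs a step relying on `GITHUB_TOKEN` (for example a checkout of a private repository, which needs `contents: read`) will fail with this setting. Suggest wording it as "if the job's other steps do not need the GITHUB_TOKEN" and showing the key in context (under a job, or at the top level of the workflow), since the bare `permissions: {}` snippet does not show where it belongs. Two smaller points in the same sentence: it is a comma splice ("...does not use the GITHUB_TOKEN, to reduce risk...") and should be split into two sentences, with "over-privileged token" made plural to match the commit message; and `actions/upload-artifact` is an action, not a "workflow". Also confirm that a top-level `#` heading matches the level used by the other sections of the README.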