From c4ea194c6880d6471a0258db1e8a292df3fa2954 Mon Sep 17 00:00:00 2001
From: Diogo Teles Sant'Anna <diogoteles@google.com>
Date: Wed, 24 May 2023 13:47:52 -0300
Subject: [PATCH] GH-35706: [CI] Set minimal permissions on
 pr_review_trigger.yml (#35708)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #35706
* Closes: #35706

Authored-by: Diogo Teles Sant'Anna <diogoteles@google.com>
Signed-off-by: Raúl Cumplido <raulcumplido@gmail.com>
---
 .github/workflows/pr_review_trigger.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/pr_review_trigger.yml b/.github/workflows/pr_review_trigger.yml
index e765de184d4f6..0cd89b3206715 100644
--- a/.github/workflows/pr_review_trigger.yml
+++ b/.github/workflows/pr_review_trigger.yml
@@ -18,6 +18,9 @@
 name: "Label when reviewed"
 on: pull_request_review
 
+permissions:
+  contents: read
+
 jobs:
   # due to GitHub Actions permissions we can't change labels on the pull_request_review
   # workflow. We trigger a new workflow run which will have permissions to add labels.