[llvm] workflows: Remove top-level permissions from release-tasks.yml (PR #91088)

[Tom Stellard via llvm-commits]

https://github.com/tstellar created https://github.com/llvm/llvm-project/pull/91088

This is the recommend best practice and we also don't need write access for all jobs.

>From 57a9c053f161cb3230a3eb771f8d7faa5e7b576d Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Sat, 4 May 2024 21:29:35 +0000
Subject: [PATCH] workflows: Remove top-level permissions from
 release-tasks.yml

This is the recommend best practice and we also don't need write
access for all jobs.
---
 .github/workflows/release-tasks.yml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release-tasks.yml b/.github/workflows/release-tasks.yml
index 53da8662b0203a..29049ff0142887 100644
--- a/.github/workflows/release-tasks.yml
+++ b/.github/workflows/release-tasks.yml
@@ -1,7 +1,7 @@
 name: Release Task
 
 permissions:
-  contents: write
+  contents: read
 
 on:
   push:
@@ -27,6 +27,8 @@ jobs:
   release-create:
     name: Create a New Release
     runs-on: ubuntu-latest
+    permissions:
+      contents: write # For creating the release.
     needs: validate-tag
 
     steps:
@@ -55,6 +57,8 @@ jobs:
 
   release-doxygen:
     name: Build and Upload Release Doxygen
+    permissions:
+      contents: write
     needs:
       - validate-tag
       - release-create
@@ -72,6 +76,8 @@ jobs:
 
   release-binaries:
     name: Build Release Binaries
+    permissions:
+      contents: write
     needs:
       - validate-tag
       - release-create