From e1553becbcd4f838a083a59a8faf33c837b058da Mon Sep 17 00:00:00 2001
From: Matti Nannt <mail@matthiasnannt.com>
Date: Tue, 18 Feb 2025 18:44:06 +0100
Subject: [PATCH] fix: scorecard action permissions (#4760)

---
 .github/workflows/scorecard.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index abc3199b35..e9a0a91761 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -10,9 +10,9 @@ on:
   # To guarantee Maintained check is occasionally updated. See
   # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
   schedule:
-    - cron: '17 17 * * 6'
+    - cron: "17 17 * * 6"
   push:
-    branches: [ "main" ]
+    branches: ["main"]
 
 # Declare default permissions as read only.
 permissions: read-all
@@ -26,6 +26,8 @@ jobs:
       security-events: write
       # Needed to publish results and get a badge (see publish_results below).
       id-token: write
+      # Add this permission
+      actions: write # Required for artifact upload
       # Uncomment the permissions below if installing in a private repository.
       # contents: read
       # actions: read