From cd3563a5da46b0d6bc25e7d63c3add35f8659e9b Mon Sep 17 00:00:00 2001
From: "Tomi P. Hakala"
Date: Tue, 14 Jan 2025 19:58:06 +0200
Subject: [PATCH] chore: update GitHub Actions workflow for AUTHORS file
- Added an explicit permissions block at the workflow level to define access for contents and pull-requests.
- Explicitly set the GITHUB_TOKEN in the checkout and create-pull-request steps for improved security and clarity.
- These changes enhance the maintainability and security of the workflow for updating the AUTHORS file.
---
 .github/workflows/update-authors.yml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/update-authors.yml b/.github/workflows/update-authors.yml
index d3bc9a19..a388148f 100644
--- a/.github/workflows/update-authors.yml
+++ b/.github/workflows/update-authors.yml
@@ -8,15 +8,18 @@ on:
 - cron: '0 0 1 * *' # Monthly
 workflow_dispatch: # Manual trigger
+permissions: # Add explicit permissions block at workflow level
+ contents: write
+ pull-requests: write
+
 jobs:
 update-authors:
 runs-on: ubuntu-latest
- permissions:
- contents: write
- pull-requests: write
 steps:
 - uses: actions/checkout@v4
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }} # Explicitly set the token
 - name: Update AUTHORS file
 env:
@@ -51,6 +54,7 @@ jobs:
 - name: Create Pull Request
 uses: peter-evans/create-pull-request@v5
 with:
+ token: ${{ secrets.GITHUB_TOKEN }} # Explicitly set the token
 commit-message: 'docs: update AUTHORS file with current contributors'
 title: 'Update AUTHORS file'
 body: |
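Review bot: Moving `permissions` from the `update-authors` job to the workflow level widens the grant instead of tightening it, because any job later added to this file will inherit `contents: write` and `pull-requests: write` by default. With a single job the effective scope is unchanged today, so the least-privilege layout is to keep the write scopes on the job and, if a top-level block is wanted, make it the restrictive default, e.g. `permissions: {}`. The `token: ${{ secrets.GITHUB_TOKEN }}` added under `actions/checkout@v4` equals that action's default (`${{ github.token }}`), so it changes no behaviour; the same applies to the `token` line in the second hunk. The inline comments would be more useful if they said why the scope is needed (for example `# push branch and open the AUTHORS PR`) instead of describing the edit.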
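Review bot: The `token` line added to the `Create Pull Request` step passes a write-scoped token to `peter-evans/create-pull-request@v5`, a third-party action referenced by a mutable tag, so whatever that tag points to at run time gets `contents: write` on the repository. Pinning the action to a full commit SHA would be the hardening that matters here, e.g. `uses: peter-evans/create-pull-request@<full-commit-sha>  # v5` (placeholder, to be taken from the action's release page). Pull requests opened with `GITHUB_TOKEN` do not trigger `pull_request` workflows, so if checks are expected to run on the AUTHORS PR that limitation deserves a comment next to the token. The step's `with:` block continues past the end of the hunk at `body: |`.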