2 changed files with 2 additions and 0 deletions
@@ -84,6 +84,7 @@ on:
 permissions:
  contents: read
  pull-requests: read
+  secrets: read
  # NOTE: `statuses: write` is the GitHub-Actions name for POST /statuses.
  # Gitea 1.22.6 may not gate on this permission key (it just checks the
  # token), but listing it explicitly documents intent for the next
@@ -71,6 +71,7 @@ jobs:
    permissions:
      contents: read
      pull-requests: read
+      secrets: read
    steps:
      - name: Check out base branch (for the script)
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2