Strip down permissions.

desrosj · desrosj · commit 2c1a91f67653 · 2025-02-03T20:54:46.000-05:00
diff --git a/.github/workflows/pull-requests-built-files.yml b/.github/workflows/pull-requests-built-files.yml
@@ -2,7 +2,7 @@
 name: Manage Built Files for PRs
 
 on:
-  pull_request_target:
+  pull_request:
     branches:
       - trunk
       - '6.[8-9]'
@@ -27,7 +27,7 @@ on:
 concurrency:
   # The concurrency group contains the workflow name and the branch name for pull requests
   # or the commit hash for any other events.
-  group: ${{ github.workflow }}-${{ github.event_name == 'pull_request_target' && github.head_ref || github.sha }}
+  group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }}
 
 # Disable permissions for all available scopes by default.
 # Any needed permissions should be configured at the job level.
@@ -39,10 +39,8 @@ jobs:
     name: Updates built files when necessary
     runs-on: ubuntu-24.04
     permissions:
-      issues: write
       pull-requests: write
-      contents: write
-    if: ${{ github.event_name == 'pull_request_target' }}
+    if: ${{ github.event_name == 'pull_request' }}
     steps:
       - name: Checkout repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
