From 8714066d89a1f45aec1d20c84c093bc53c07f896 Mon Sep 17 00:00:00 2001
From: Mike Fiedler <miketheman@gmail.com>
Date: Thu, 31 Oct 2024 17:47:58 -0400
Subject: [PATCH] fix(ci): move read permissions to job scope

Setting permissions at the Job level, this overrides the parent `contents: read` setting, failing for private repositories.
---
 .github/workflows/zizmor.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
index 08294a4a..af9d7322 100644
--- a/.github/workflows/zizmor.yml
+++ b/.github/workflows/zizmor.yml
@@ -7,14 +7,12 @@ on:
   pull_request:
     branches: ["*"]
 
-permissions:
-  contents: read
-
 jobs:
   zizmor:
     name: Zizmor latest via Cargo
     runs-on: ubuntu-latest
     permissions:
+      contents: read
       security-events: write
     steps:
       - name: Checkout repository