From 506a3765a81da9182bbe2f0e6245d1a3f0026679 Mon Sep 17 00:00:00 2001
From: ThetaSinner <ThetaSinner@users.noreply.github.com>
Date: Wed, 5 Jun 2024 17:46:34 +0100
Subject: [PATCH] Scope permissions to build job

---
 .github/workflows/build-and-cache.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build-and-cache.yaml b/.github/workflows/build-and-cache.yaml
index a450f04..f294e47 100644
--- a/.github/workflows/build-and-cache.yaml
+++ b/.github/workflows/build-and-cache.yaml
@@ -6,10 +6,6 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref_name }}
   cancel-in-progress: true
 
-permissions:
-  contents: read
-  id-token: write
-
 jobs:
   nix-check:
     runs-on: ubuntu-latest
@@ -44,6 +40,10 @@ jobs:
 
     runs-on: ${{ matrix.os }}
 
+    permissions:
+      contents: read
+      id-token: write
+
     steps:
       - name: Print platform information
         run: uname -ms