From 8327079a12fe1cf79805dbb88b8b983f7faca39a Mon Sep 17 00:00:00 2001
From: "James M. Greene" <JamesMGreene@github.com>
Date: Mon, 13 Sep 2021 12:09:59 -0500
Subject: [PATCH] Revise permissions for internal board workflow (#21440)

* Only add requests to board when workflow is run internally
* Restrict GITHUB_TOKEN permissions
---
 .github/workflows/docs-review-collect.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/docs-review-collect.yml b/.github/workflows/docs-review-collect.yml
index e73b886301..550d308fbe 100644
--- a/.github/workflows/docs-review-collect.yml
+++ b/.github/workflows/docs-review-collect.yml
@@ -9,9 +9,13 @@ on:
   schedule:
     - cron: '50 */6 * * *'
 
+permissions:
+  contents: read
+
 jobs:
   add-requests-to-board:
     name: Add requests to board
+    if: ${{ github.repository == 'github/docs-internal' }}
     runs-on: ubuntu-latest
 
     steps: