From f0c4dbbc163f3482f1d654a8fa8e38dee22a6883 Mon Sep 17 00:00:00 2001
From: Derek Roberts <derek.roberts@gmail.com>
Date: Mon, 6 Jan 2025 14:01:43 -0800
Subject: [PATCH] Tighten permissions for merge-main

---
 .github/workflows/merge-main.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/merge-main.yml b/.github/workflows/merge-main.yml
index f83c5549..b2770897 100644
--- a/.github/workflows/merge-main.yml
+++ b/.github/workflows/merge-main.yml
@@ -8,13 +8,12 @@ on:
       - "**.md"
   workflow_dispatch:
 
-env:
-  NAME: fom
-
 concurrency:
   group: ${{ github.workflow }}
   cancel-in-progress: true
 
+permissions: {}
+
 jobs:
   vars:
     name: Set Variables
@@ -133,6 +132,8 @@ jobs:
   prod-promotions:
     name: Promote images to PROD
     needs: [deploy-prod, vars]
+    permissions:
+      packages: write
     runs-on: ubuntu-24.04
     strategy:
       matrix: