From 009b9ae9e446ad8d9b8c809870b0fbcc5e03573e Mon Sep 17 00:00:00 2001
From: Ben Wells <benwells@github.com>
Date: Thu, 16 Jan 2025 14:14:48 -0500
Subject: [PATCH] Documentation update - add recommended permissions to Readme
 (#2043)

* Update README.md

* Update README.md

Co-authored-by: Josh Gross <joshmgross@github.com>

---------

Co-authored-by: Josh Gross <joshmgross@github.com>
---
 README.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/README.md b/README.md
index b0f6224..f28fec7 100644
--- a/README.md
+++ b/README.md
@@ -311,6 +311,16 @@ jobs:
           git commit -m "generated"
           git push
 ```
+
+## Recommended permissions
+
+When using the `checkout` action in your GitHub Actions workflow, it is recommended to set the following `GITHUB_TOKEN` permissions to ensure proper functionality, unless alternative auth is provided via the `token` or `ssh-key` inputs:
+
+```yaml
+permissions:
+  contents: read
+```
+
 *NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D