From bbfaea27eb33b9c02f7efb7db7df7bfe906586ec Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Tue, 6 Dec 2022 14:14:02 -0500
Subject: [PATCH] Document permissions grants

---
 .github/workflows/spelling3.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/spelling3.yml b/.github/workflows/spelling3.yml
index 7a8f413390..5888f89a12 100644
--- a/.github/workflows/spelling3.yml
+++ b/.github/workflows/spelling3.yml
@@ -22,8 +22,14 @@ jobs:
   spelling:
     name: Spell checking
     permissions:
+      # contents-read is needed to checkout in private repositories
       contents: read
+      # actions-read is needed (possibly only for private repositories)
+      # to identify the workflow's filename until
+      # https://github.com/actions/runner/issues/853 is fixed
       actions: read
+      # security-events-write is needed according to the documentation:
+      # https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#uploading-a-code-scanning-analysis-with-github-actions
       security-events: write
     outputs:
       followup: ${{ steps.spelling.outputs.followup }}
-- 
2.47.2