From 4cb8398fa7767ab2b272fd59ced088473fb2817e Mon Sep 17 00:00:00 2001
From: Viktor Szakats <commit@vsz.me>
Date: Sat, 13 Sep 2025 17:41:18 +0200
Subject: [PATCH] ci/GHA: document permissions as required by zizmor 1.13.0

Closes #1653
---
 .github/workflows/appveyor_status.yml | 2 +-
 .github/workflows/openssh_server.yml  | 6 ++----
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/appveyor_status.yml b/.github/workflows/appveyor_status.yml
index dcfde078..3085b35b 100644
--- a/.github/workflows/appveyor_status.yml
+++ b/.github/workflows/appveyor_status.yml
@@ -41,7 +41,7 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ github.event.sender.login == 'appveyor[bot]' }}
     permissions:
-      statuses: write
+      statuses: write  # To update build statuses
     steps:
       - name: 'Create individual AppVeyor build statuses'
         if: ${{ github.event.sha && github.event.target_url }}
diff --git a/.github/workflows/openssh_server.yml b/.github/workflows/openssh_server.yml
index 7f7db08f..ff74d7c9 100644
--- a/.github/workflows/openssh_server.yml
+++ b/.github/workflows/openssh_server.yml
@@ -24,8 +24,6 @@
 #
 # SPDX-License-Identifier: BSD-3-Clause
 
-# https://docs.github.com/actions/use-cases-and-examples/publishing-packages/publishing-docker-images
-
 name: 'OpenSSH Server Docker Image'
 
 'on':
@@ -39,8 +37,8 @@ jobs:
     name: 'Image build and push'
     runs-on: ubuntu-latest
     permissions:
-      contents: read
-      packages: write
+      contents: read   # To comply with https://docs.github.com/en/actions/tutorials/publish-packages/publish-docker-images
+      packages: write  # To create/update container
     steps:
       - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3
         with: