From 69215f1c52a979498f56ea4e14c6d874c1339777 Mon Sep 17 00:00:00 2001
From: daz <daz@gradle.com>
Date: Wed, 11 Dec 2024 12:31:33 -0700
Subject: [PATCH] Restrict permissions for combine-prs job

---
 .github/workflows/ci-combine-bot-prs.yml | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/ci-combine-bot-prs.yml b/.github/workflows/ci-combine-bot-prs.yml
index 189fd12..133a09f 100644
--- a/.github/workflows/ci-combine-bot-prs.yml
+++ b/.github/workflows/ci-combine-bot-prs.yml
@@ -3,14 +3,15 @@ name: Combine Bot PRs
 on:
   workflow_dispatch:
 
-# The minimum permissions required to run this Action
 permissions:
-  contents: write
-  pull-requests: write
-  checks: read
+  contents: read
 
 jobs:
   combine-wrapperbot-prs:
+    permissions:
+      contents: write
+      pull-requests: write
+      checks: read
     if: github.repository == 'gradle/actions'
     runs-on: ubuntu-latest
     steps:
@@ -18,6 +19,6 @@ jobs:
         uses: github/combine-prs@v5.2.0
         with:
           branch_prefix: wrapperbot
+          combine_branch_name: wrapperbot/combined-wrapper-updates
           pr_title: 'Bump Gradle Wrappers'
           ci_required: "false"
-          github_token: ${{ secrets.BOT_GITHUB_TOKEN }}