From 3caeac784ec1b53eabb967270707a2e4f1c21e7a Mon Sep 17 00:00:00 2001
From: Michael Jabbour <michael.jabbour@sonarsource.com>
Date: Sun, 8 Sep 2024 18:13:10 +0200
Subject: [PATCH] Explicit permissions for GITHUB_TOKEN where write is needed

---
 .github/workflows/add_language.yml           | 3 +++
 .github/workflows/create_new_rspec.yml       | 3 +++
 .github/workflows/update_quickfix_status.yml | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/.github/workflows/add_language.yml b/.github/workflows/add_language.yml
index 142cf761262..041f661e0f2 100644
--- a/.github/workflows/add_language.yml
+++ b/.github/workflows/add_language.yml
@@ -15,6 +15,9 @@ on:
 jobs:
   add_language_to_rule:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
diff --git a/.github/workflows/create_new_rspec.yml b/.github/workflows/create_new_rspec.yml
index 79dbaa2344f..a01e0e47fc9 100644
--- a/.github/workflows/create_new_rspec.yml
+++ b/.github/workflows/create_new_rspec.yml
@@ -12,6 +12,9 @@ on:
 jobs:
   create_new_rule:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
diff --git a/.github/workflows/update_quickfix_status.yml b/.github/workflows/update_quickfix_status.yml
index 11a42e825a6..2f9635588e7 100644
--- a/.github/workflows/update_quickfix_status.yml
+++ b/.github/workflows/update_quickfix_status.yml
@@ -26,6 +26,9 @@ jobs:
   update_quickfix_status:
     name: Update quick fix status
     runs-on: ubuntu-20.04
+    permissions:
+      contents: write
+      pull-requests: write
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps: