From 91f3e3bf0b994311f7076d79ecc662cb2639ecc2 Mon Sep 17 00:00:00 2001
From: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
Date: Mon, 4 Sep 2023 15:30:21 +0000
Subject: [PATCH] Set minimal workflow permissions

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
---
 .github/workflows/ci.yaml     | 3 +++
 .github/workflows/codeql.yaml | 4 +++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 9c2ec25..4bccb47 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -5,6 +5,9 @@ on:
     branches: [master]
   pull_request:
 
+permissions:
+  contents: read
+
 jobs:
   test:
     name: Test
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index 4be0773..7ae3959 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -20,13 +20,15 @@ on:
   schedule:
     - cron: '27 12 * * 0'
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
     permissions:
       actions: read
-      contents: read
       security-events: write
 
     strategy: