From 9f76c3d0643f04dca9335319b0af9c998a0a4dd2 Mon Sep 17 00:00:00 2001
From: mrz1836
Date: Tue, 21 May 2024 13:56:32 -0400
Subject: [PATCH] Added perms to github actions
---
.github/workflows/codeql-analysis.yml | 5 ++---
.github/workflows/run-tests.yml | 3 +++
.github/workflows/stale.yml | 5 ++++-
.github/workflows/super-linter.yml | 2 ++
.github/workflows/sync-labels.yml | 3 +++
5 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 0c2948a..a584fcd 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -11,9 +11,8 @@ on: pull_request: # The branches below must be a subset of the branches above branches: [master] - # schedule: - # - cron: '0 23 * * 0' - +permissions: + contents: read jobs: analyze: name: Analyze
diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml
index 23d9fa1..05e206b 100644
--- a/.github/workflows/run-tests.yml
+++ b/.github/workflows/run-tests.yml
@@ -12,6 +12,9 @@ on: branches: - "*" +permissions: + contents: read + jobs: yamllint: name: Run yaml linter
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index da755cf..949740b 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -8,7 +8,10 @@ name: stale-check on: schedule: - cron: '32 8 * * *' - +permissions: + contents: read + issues: write + pull-requests: write jobs: stale:
diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml
index c599424..c686178 100644
--- a/.github/workflows/super-linter.yml
+++ b/.github/workflows/super-linter.yml
@@ -11,6 +11,8 @@ on: branches: [master] pull_request: branches: [master] +permissions: + contents: read jobs: run-lint: runs-on: ubuntu-latest
diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml
index da0514a..9071ea5 100644
--- a/.github/workflows/sync-labels.yml
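Review bot: `security-events: write` is missing from the new top-level `permissions:` block in codeql-analysis.yml. Once a `permissions:` key is present, every scope it does not list is set to none for the GITHUB_TOKEN, and the CodeQL analyze step uploads its results through the code-scanning API, which needs that scope. The `analyze` job's body continues outside the hunk, so if it does not declare its own `permissions:`, the upload will likely be rejected with "Resource not accessible by integration". I would grant it on the job rather than the workflow: `permissions:` / `contents: read` / `security-events: write` under `analyze:`.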
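Review bot: The write scopes added to stale.yml (`issues: write`, `pull-requests: write`) sit at workflow level, so any job added to this file later inherits them; moving the block under the `stale:` job ties the grant to the one job that needs it, and the same applies to `issues: write` in sync-labels.yml. Separately, recent releases of actions/stale keep state in the Actions cache and list `actions: write` among their recommended permissions. The action version is outside the hunk, so this is worth checking against the pinned release before relying on the new block.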
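Review bot: `contents: read` on its own may be too narrow for super-linter.yml. When super-linter is handed the GITHUB_TOKEN it reports a commit status per linter, and its documentation lists `statuses: write` for that. The `run-lint` job's steps are outside the hunk, so confirm whether the token is passed to the action; if it is, add `statuses: write` on the `run-lint` job, otherwise the status calls will be refused while the lint run itself still appears to work.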
+++ b/.github/workflows/sync-labels.yml
@@ -7,6 +7,9 @@ on: - master paths: - .github/labels.yml +permissions: + contents: read + issues: write jobs: sync-labels: runs-on: ubuntu-latest
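Review bot: The `issues: write` grant in sync-labels.yml deserves a one-line comment, because it is not obvious to the next reader that label management is authorised through the issues scope. Something like `# issues: write - labels are created, updated and deleted through the issues API` above that line would keep the scope from being widened or dropped by accident. `contents: read` is presumably there so the job can check out `.github/labels.yml`; the job body continues outside the hunk, so that is an inference.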