From 8a580802024c8c23bf09334b8bd2cf3f11d6f8c4 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Fri, 9 Feb 2024 07:38:25 -0500
Subject: [PATCH] ci(workflows): add permissions (#669)

---
 .github/workflows/codeql-analysis.yml | 5 +++++
 .github/workflows/release.yml | 4 ++++
 .github/workflows/test.yml | 4 ++++
 .github/workflows/update-prettier.yml | 4 ++++
 4 files changed, 17 insertions(+)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index aae01cddc..9da861c57 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -10,6 +10,11 @@ on:
 schedule:
 - cron: '0 13 * * 5'
 
+permissions:
+ contents: read
+ actions: read
+ security-events: write
+
 jobs:
 CodeQL-Build:
 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 836c32357..89add8820 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -6,6 +6,10 @@ name: Release
 - next
 - beta
 - "*.x"
+
+permissions:
+ contents: read
+
 jobs:
 release:
 name: release
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 4e6a72562..a462c85a8 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -8,6 +8,10 @@ name: Test
 types:
 - opened
 - synchronize
+
+permissions:
+ contents: read
+
 jobs:
 test_matrix:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/update-prettier.yml b/.github/workflows/update-prettier.yml
index ba5d3ba4e..e5c37af84 100644
--- a/.github/workflows/update-prettier.yml
+++ b/.github/workflows/update-prettier.yml
@@ -3,6 +3,10 @@ name: Update Prettier
 push:
 branches:
 - renovate/prettier-*
+
+permissions:
+ contents: read
+
 jobs:
 update_prettier:
 runs-on: ubuntu-latest
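Review bot: The three scopes added to codeql-analysis.yml carry no explanation, so a later edit cannot tell which of them the analysis actually depends on. `security-events: write` is the one that lets the job upload its results, while the CodeQL starter workflow marks `actions: read` as needed only in private repositories. I would add trailing comments such as `security-events: write # upload CodeQL results` and `actions: read # only needed for private repositories`, so the block can be trimmed safely later.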
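Review bot: In release.yml the workflow-level `contents: read` also caps the `release` job, whose steps lie outside this hunk; if that job publishes with `GITHUB_TOKEN` (tags, GitHub releases, issue or PR comments), those calls will be refused on the next release. If it authenticates with a separate secret instead, the read-only default is the right choice and deserves a comment beside the block, e.g. `# GITHUB_TOKEN stays read-only; the release step uses its own token`. Otherwise keep the workflow default and grant the write scopes on the job only, for example `permissions: { contents: write, issues: write, pull-requests: write }` under `release:`. The same question applies to the `update_prettier` job in update-prettier.yml, which presumably pushes a formatting commit back to the `renovate/prettier-*` branch.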