From 1e65dcd4752f1fdb1746d8385810d75acad25158 Mon Sep 17 00:00:00 2001 From: Andy Pixley <3723676+pixman20@users.noreply.github.com> Date: Wed, 18 Jun 2025 17:23:12 -0400 Subject: [PATCH 1/2] [BRE-848] Adding Workflow Permissions --- .github/workflows/ci.yml | 15 +++++++++++---- .github/workflows/enforce-labels.yml | 5 +++++ .github/workflows/workflow-linter.yml | 4 ++++ 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5478c0d..fd509b3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,22 +6,29 @@ on: pull_request: branches: [ "main" ] +permissions: + contents: read + jobs: build: + name: Build and Test - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 strategy: matrix: node-version: [20.x, 22.x] steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version: ${{ matrix.node-version }} cache: 'npm' - - run: npm ci - - run: npm run build --if-present + - name: NPM CI + run: npm ci + - name: NPM Build + run: npm run build --if-present diff --git a/.github/workflows/enforce-labels.yml b/.github/workflows/enforce-labels.yml index db51712..0970492 100644 --- a/.github/workflows/enforce-labels.yml +++ b/.github/workflows/enforce-labels.yml @@ -4,6 +4,11 @@ on: workflow_call: pull_request: types: [labeled, unlabeled, opened, edited, synchronize] + +permissions: + contents: read + pull-requests: read + jobs: enforce-label: name: Enforce Label diff --git a/.github/workflows/workflow-linter.yml b/.github/workflows/workflow-linter.yml index 625f845..6f9aaac 100644 --- a/.github/workflows/workflow-linter.yml +++ b/.github/workflows/workflow-linter.yml 
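Review bot: The `Checkout Repo` step in `ci.yml` keeps the checkout action's default credential persistence, so the job token is stored in the workspace's git config and remains readable by the later `npm ci` and `npm run build` steps, which run dependency and project scripts. The new `contents: read` makes that token read-only, which limits the impact, but nothing in the visible steps needs git credentials after checkout. Adding `with:` and `persist-credentials: false` under the `uses: actions/checkout@…` line removes the exposure.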
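Review bot: The top-level `permissions:` block added to `enforce-labels.yml` also applies to runs that arrive through the `workflow_call` trigger, and the file does not document that. A called workflow can only narrow the token it inherits from its caller, so a caller granting less than `contents: read` and `pull-requests: read` will likely fail validation rather than run the label check. I would add a comment above the block such as `# Least-privilege token; workflow_call callers must grant at least these scopes.` The `enforce-label` job body lies outside the hunk, so whether `contents: read` is needed at all could not be checked here.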
@@ -6,6 +6,10 @@ on: paths: - .github/workflows/** +permissions: + contents: read + jobs: call-workflow: + name: Call Workflow Linter uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@abd4b8f01f8b34457a6ab35bd253768f4045231a From f46734fb657e9f76ee698c9e57319460bd9858ae Mon Sep 17 00:00:00 2001 From: Andy Pixley <3723676+pixman20@users.noreply.github.com> Date: Fri, 20 Jun 2025 12:21:41 -0400 Subject: [PATCH 2/2] Removing duplicate workflow linter workflow as it's now set on the org --- .github/workflows/workflow-linter.yml | 15 --------------- 1 file changed, 15 deletions(-) delete mode 100644 .github/workflows/workflow-linter.yml diff --git a/.github/workflows/workflow-linter.yml b/.github/workflows/workflow-linter.yml deleted file mode 100644 index 6f9aaac..0000000 --- a/.github/workflows/workflow-linter.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -name: Workflow Linter - -on: - pull_request: - paths: - - .github/workflows/** - -permissions: - contents: read - -jobs: - call-workflow: - name: Call Workflow Linter - uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@abd4b8f01f8b34457a6ab35bd253768f4045231a