From ec49a8f53d8a12b5b154acf2b643b84b032b137a Mon Sep 17 00:00:00 2001
From: Christof Marti <chrmarti@microsoft.com>
Date: Tue, 5 Mar 2024 16:20:21 +0100
Subject: [PATCH] Add workflow permissions (#282)

---
 .github/workflows/ci_branch.yml | 4 ++++
 .github/workflows/ci_common.yml | 4 ++++
 .github/workflows/ci_main.yml   | 4 ++++
 .github/workflows/pr-bot.yml    | 4 +++-
 .github/workflows/pr_auto.yml   | 4 ++++
 5 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci_branch.yml b/.github/workflows/ci_branch.yml
index a9f985f7..99fff297 100644
--- a/.github/workflows/ci_branch.yml
+++ b/.github/workflows/ci_branch.yml
@@ -16,6 +16,10 @@ on:
         type: boolean
         required: false
 
+permissions:
+  contents: write
+  packages: write
+
 jobs:
   build-test-publish:
     name: "Build, test, publish"
diff --git a/.github/workflows/ci_common.yml b/.github/workflows/ci_common.yml
index aa4f7997..c40f6403 100644
--- a/.github/workflows/ci_common.yml
+++ b/.github/workflows/ci_common.yml
@@ -50,6 +50,10 @@ on:
         description: ""
         required: true
 
+permissions:
+  contents: write
+  packages: write
+
 jobs:
   build: # run build using the github action!
     runs-on: ubuntu-latest
diff --git a/.github/workflows/ci_main.yml b/.github/workflows/ci_main.yml
index 6a4abcef..657f85d6 100644
--- a/.github/workflows/ci_main.yml
+++ b/.github/workflows/ci_main.yml
@@ -7,6 +7,10 @@ on:
     branches: [main]
   workflow_dispatch:
 
+permissions:
+  contents: write
+  packages: write
+
 jobs:
   build-test-publish:
     name: "Build, test, publish"
diff --git a/.github/workflows/pr-bot.yml b/.github/workflows/pr-bot.yml
index e1f7ce0d..7813843d 100644
--- a/.github/workflows/pr-bot.yml
+++ b/.github/workflows/pr-bot.yml
@@ -9,7 +9,9 @@ on:
     # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#issue_comment
     # https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#issue_comment
 
-
+permissions:
+  contents: write
+  packages: write
 
 jobs:
   pr_comment:
diff --git a/.github/workflows/pr_auto.yml b/.github/workflows/pr_auto.yml
index 45231626..6412806c 100644
--- a/.github/workflows/pr_auto.yml
+++ b/.github/workflows/pr_auto.yml
@@ -10,6 +10,10 @@ on:
       - README.md
       - 'docs/**'
 
+permissions:
+  contents: write
+  packages: write
+
 jobs:
   build-test:
     name: "Build, test, publish"