From a430221f89fb4af5290e5a54264375f59065dfb5 Mon Sep 17 00:00:00 2001
From: Andrew McClenaghan <andrew.mcclenaghan@gmail.com>
Date: Fri, 21 Apr 2023 10:30:35 +1000
Subject: [PATCH] fix: Add permissions to root of all workflows

---
 .github/workflows/codeql.yml   | 5 +++++
 .github/workflows/pr-check.yml | 3 +++
 2 files changed, 8 insertions(+)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index b49d4302..235d479a 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -20,6 +20,11 @@ on:
   schedule:
     - cron: '19 15 * * 6'
 
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
 jobs:
   analyze:
     name: Analyze
diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml
index f8f3f7a9..212ccc3b 100644
--- a/.github/workflows/pr-check.yml
+++ b/.github/workflows/pr-check.yml
@@ -5,6 +5,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+
 concurrency:
   group: "ci-check"
   cancel-in-progress: false