From 1caab07b185621b255bf4b468fbaf405738545e2 Mon Sep 17 00:00:00 2001
From: Marcus Brandenburger
Date: Thu, 16 May 2024 22:05:35 +0200
Subject: [PATCH] Set github actions permissions

As suggested by OpenSSF restrict actions permission as needed. Our actions only need read access to checkout the repo.

Signed-off-by: Marcus Brandenburger
---
 .github/workflows/documentation.yml | 3 ++-
 .github/workflows/test.yml | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
index d2ed9232e..ac85e8c49 100644
--- a/.github/workflows/documentation.yml
+++ b/.github/workflows/documentation.yml
@@ -10,7 +10,8 @@ on:
 defaults:
 run:
 shell: bash
-permissions: {}
+permissions:
+ contents: read
 jobs:
 check-md-only:
 name: This job was triggered
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index bb51c26f2..8e48ae442 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -12,6 +12,10 @@ on:
 paths-ignore:
 - '**.md'
 - '.github/workflows/**'
+
+permissions:
+ contents: read
+
 env:
 DOCKER_REGISTRY: 'ghcr.io'
 PUSH_TO_MAIN: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
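Review bot: Replacing the workflow-level `permissions: {}` with `contents: read` in documentation.yml widens the default token scope for every job in the file, including `check-md-only`, rather than only for jobs that check out the repository. The job bodies lie outside the hunk, so which of them run a checkout is not visible here. If only some do, keeping `permissions: {}` at the top and adding `permissions:` with `contents: read` under those jobs preserves the deny-by-default baseline. A short comment above the block, such as `# read-only token: jobs only check out the repository`, would record why this scope was chosen.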
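Review bot: The new workflow-level `permissions:` block in test.yml leaves every scope other than `contents` at none, which may conflict with the `DOCKER_REGISTRY: 'ghcr.io'` and `PUSH_TO_MAIN` settings directly below it. The jobs are outside this hunk, but if one of them pushes images to ghcr.io using `GITHUB_TOKEN`, that push would presumably be denied without `packages: write`. In that case the publishing job should carry its own block, `permissions:` with `contents: read` and `packages: write`, so the write scope stays confined to that job. If the push authenticates with a separate secret instead, a comment next to the block saying so would help the next reader.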