From 89d43235c46a4899acb42f759b1654d1b1efec4b Mon Sep 17 00:00:00 2001
From: Jarek Radosz <jradosz@gmail.com>
Date: Sat, 30 Jul 2022 17:22:03 +0200
Subject: [PATCH] DEV: Set permissions for GitHub actions (#17733)

Included permissions for the action.

https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Co-authored-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---
 .github/workflows/licenses.yml | 3 +++
 .github/workflows/linting.yml  | 3 +++
 .github/workflows/tests.yml    | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/.github/workflows/licenses.yml b/.github/workflows/licenses.yml
index 970ed87a2a8..755852add28 100644
--- a/.github/workflows/licenses.yml
+++ b/.github/workflows/licenses.yml
@@ -10,6 +10,9 @@ concurrency:
   group: licenses-${{ format('{0}-{1}', github.head_ref || github.run_number, github.job) }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   build:
     name: run
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
index 08c147b29a7..3ce7b5d5f30 100644
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -10,6 +10,9 @@ concurrency:
   group: linting-${{ format('{0}-{1}', github.head_ref || github.run_number, github.job) }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   build:
     name: run
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index dd5d31ff0e5..a2c9f200b8f 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -12,6 +12,9 @@ concurrency:
   group: tests-${{ format('{0}-{1}', github.head_ref || github.run_number, github.job) }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   build:
     name: ${{ matrix.target }} ${{ matrix.build_type }}