From 53fa1f9e3ef164f1898ba14c1750ed1d6fda56f7 Mon Sep 17 00:00:00 2001
From: Soule BA <soule@weave.works>
Date: Thu, 20 Jan 2022 15:20:52 +0100
Subject: [PATCH] Add Permissions to github Workflows

Imrove GITHUB_TOKEN permissions in the workflows.

Signed-off-by: Soule BA <soule@weave.works>
---
 .github/workflows/e2e.yaml    | 3 +++
 .github/workflows/nightly.yml | 3 +++
 .github/workflows/scan.yaml   | 4 ++++
 3 files changed, 10 insertions(+)

diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index 67548291e..aec5dcd56 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -6,6 +6,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read # for actions/checkout to fetch code
+
 jobs:
 
   kind-linux-amd64:
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 0d60165a2..db0397b52 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -7,6 +7,9 @@ on:
 env:
   REPOSITORY: ${{ github.repository }}
 
+permissions:
+  contents: read # for actions/checkout to fetch code
+
 jobs:
   build:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
index fd0fbae9b..4bdcc0c97 100644
--- a/.github/workflows/scan.yaml
+++ b/.github/workflows/scan.yaml
@@ -8,6 +8,10 @@ on:
   schedule:
     - cron: '18 10 * * 3'
 
+permissions:
+  contents: read # for actions/checkout to fetch code
+  security-events: write # for codeQL to write security events
+
 jobs:
   fossa:
     name: FOSSA