From a27888b5172f73f7e17da667e9b7891f218c60a9 Mon Sep 17 00:00:00 2001
From: Varun Sharma <varunsh@stepsecurity.io>
Date: Mon, 11 Jul 2022 08:14:35 -0700
Subject: [PATCH] (maint) Add GitHub token permissions for workflows

Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
---
 .github/workflows/checks.yaml       | 3 +++
 .github/workflows/rspec_tests.yaml  | 3 +++
 .github/workflows/snyk_monitor.yaml | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml
index 54ff19bbf57..098a6fbcf99 100644
--- a/.github/workflows/checks.yaml
+++ b/.github/workflows/checks.yaml
@@ -7,6 +7,9 @@ on:
   pull_request:
     branches: [main]
 
+permissions:
+  contents: read
+
 jobs:
   checks:
     name: ${{ matrix.cfg.check }}
diff --git a/.github/workflows/rspec_tests.yaml b/.github/workflows/rspec_tests.yaml
index 51d5b2f95bd..9be4ca582c0 100644
--- a/.github/workflows/rspec_tests.yaml
+++ b/.github/workflows/rspec_tests.yaml
@@ -7,6 +7,9 @@ on:
   pull_request:
     branches: [main]
 
+permissions:
+  contents: read
+
 jobs:
   rspec_tests:
     name: ${{ matrix.cfg.os }}(ruby ${{ matrix.cfg.ruby }})
diff --git a/.github/workflows/snyk_monitor.yaml b/.github/workflows/snyk_monitor.yaml
index c3d0de59f1e..7b296c19721 100644
--- a/.github/workflows/snyk_monitor.yaml
+++ b/.github/workflows/snyk_monitor.yaml
@@ -4,6 +4,9 @@ on:
   push:
     branches:
       - main
+permissions:
+  contents: read
+
 jobs:
   snyk_monitor:
     if: ${{ github.repository_owner == 'puppetlabs' }}