From 5463b455a21e928caf38bf4ffe200c701c84dc4d Mon Sep 17 00:00:00 2001
From: Rob Anderson <robandpdx@github.com>
Date: Thu, 21 Nov 2024 15:19:09 -0800
Subject: [PATCH] add workflow permissions (#150)

---
 .github/workflows/pr.yml                | 4 ++++
 .github/workflows/review-probot-prs.yml | 6 ++++++
 .github/workflows/test.yml              | 5 +++++
 3 files changed, 15 insertions(+)

diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index e1899a2..c18da51 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -7,6 +7,10 @@ on:
       - opened
       - synchronize
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   run-tests:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/review-probot-prs.yml b/.github/workflows/review-probot-prs.yml
index 3cae2c9..86b0150 100644
--- a/.github/workflows/review-probot-prs.yml
+++ b/.github/workflows/review-probot-prs.yml
@@ -1,7 +1,13 @@
 name: Review Probot PRs
+
 on:
   pull_request:
     types: [opened, reopened]
+
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   bot:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index c2c0f5b..6cd7cad 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,8 +1,13 @@
 name: Main Tests
+
 on:
   push:
     branches:
       - main
+
+permissions:
+  contents: read
+
 jobs:
   test:
     runs-on: ubuntu-latest