From cd2082e0584d4e39d11e3f401184e0d558ab304f Mon Sep 17 00:00:00 2001
From: Joyce <joycebrumu.u@gmail.com>
Date: Wed, 8 Mar 2023 13:27:09 -0300
Subject: [PATCH] Set token permissions to workflows (#3156)

Signed-off-by: Joyce <joycebrum@google.com>
---
 .github/workflows/continuous_deployment.yml  | 6 ++++++
 .github/workflows/continuous_integration.yml | 2 ++
 2 files changed, 8 insertions(+)

diff --git a/.github/workflows/continuous_deployment.yml b/.github/workflows/continuous_deployment.yml
index 61e7c266..d8fe9bee 100644
--- a/.github/workflows/continuous_deployment.yml
+++ b/.github/workflows/continuous_deployment.yml
@@ -22,9 +22,13 @@ on:
         branches:
             - main
 
+permissions: read-all
+
 jobs:
     linux:
         runs-on: ${{matrix.os.genus}}
+        permissions:
+            contents: write
         strategy:
             fail-fast: false
             matrix:
@@ -101,6 +105,8 @@ jobs:
 
     macos:
         runs-on: ${{matrix.os.genus}}
+        permissions:
+            contents: write
         strategy:
             fail-fast: false
             matrix:
diff --git a/.github/workflows/continuous_integration.yml b/.github/workflows/continuous_integration.yml
index c0b1cf9e..2b2a086a 100644
--- a/.github/workflows/continuous_integration.yml
+++ b/.github/workflows/continuous_integration.yml
@@ -12,6 +12,8 @@ on:
         branches:
             - main
 
+permissions: read-all
+
 jobs:
     linux:
         runs-on: ${{matrix.os}}