From 8faced56d5656c26c55344ddf8d95010f6c84eb6 Mon Sep 17 00:00:00 2001
From: Georg Kunz
Date: Tue, 20 Feb 2024 22:46:11 +0100
Subject: [PATCH] Setting GITHUB_TOKEN permissions

Set the permissions of the GITHUB_TOKEN of workflows to read-only to avoid misuse.
---
 .github/workflows/run-pdk-tests-on-puppet-7.yml | 2 ++
 .github/workflows/run-pdk-tests-on-puppet-8.yml | 2 ++
 .github/workflows/run-pdk-validate.yml | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/.github/workflows/run-pdk-tests-on-puppet-7.yml b/.github/workflows/run-pdk-tests-on-puppet-7.yml
index d48444d..a15fa0f 100644
--- a/.github/workflows/run-pdk-tests-on-puppet-7.yml
+++ b/.github/workflows/run-pdk-tests-on-puppet-7.yml
@@ -4,6 +4,8 @@ on:
 - push
 - pull_request
 
+permissions: read-all
+
 jobs:
 test:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/run-pdk-tests-on-puppet-8.yml b/.github/workflows/run-pdk-tests-on-puppet-8.yml
index 1eb10bb..74b6ec6 100644
--- a/.github/workflows/run-pdk-tests-on-puppet-8.yml
+++ b/.github/workflows/run-pdk-tests-on-puppet-8.yml
@@ -4,6 +4,8 @@ on:
 - push
 - pull_request
 
+permissions: read-all
+
 jobs:
 test:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/run-pdk-validate.yml b/.github/workflows/run-pdk-validate.yml
index 07388c8..d3295c0 100644
--- a/.github/workflows/run-pdk-validate.yml
+++ b/.github/workflows/run-pdk-validate.yml
@@ -5,6 +5,8 @@ on:
 - push
 - pull_request
 
+permissions: read-all
+
 jobs:
 validate:
 runs-on: ubuntu-latest
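Review bot: `permissions: read-all` in `run-pdk-tests-on-puppet-7.yml` still gives the GITHUB_TOKEN read access to every scope (actions, packages, security-events and so on), which is wider than a test or validate job usually needs; the same line is added in `run-pdk-tests-on-puppet-8.yml` and `run-pdk-validate.yml`. If the steps only check out the repository and run PDK, the tighter form is `permissions:` followed by `  contents: read`, with any further scope granted at job level where a step needs it. The `jobs:` bodies continue outside these hunks, so the scopes the steps actually use cannot be confirmed from here. A short comment above the key, e.g. `# least-privilege GITHUB_TOKEN: read-only, widen per job if needed`, would also record why it is there.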