From 83aba89820b4890c39d8083419d78b622912b819 Mon Sep 17 00:00:00 2001
From: Ivan Valdes <ivan@vald.es>
Date: Fri, 2 Aug 2024 10:37:02 -0700
Subject: [PATCH] github/workflows: set top-level file permissions

The gh-workflow-approve and tests_windows actions didnt't specify
top-level permissions. This is an improvement towards having a better
OpenSSF Scorecard Report score.

Signed-off-by: Ivan Valdes <ivan@vald.es>
---
 .github/workflows/gh-workflow-approve.yaml | 2 +-
 .github/workflows/tests_windows.yml        | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/gh-workflow-approve.yaml b/.github/workflows/gh-workflow-approve.yaml
index fa1fdd12d..4da2e4f79 100644
--- a/.github/workflows/gh-workflow-approve.yaml
+++ b/.github/workflows/gh-workflow-approve.yaml
@@ -1,6 +1,6 @@
 ---
 name: Approve GitHub Workflows
-
+permissions: read-all
 on:
   pull_request_target:
     types:
diff --git a/.github/workflows/tests_windows.yml b/.github/workflows/tests_windows.yml
index 6c5f6fc11..d354fd49c 100644
--- a/.github/workflows/tests_windows.yml
+++ b/.github/workflows/tests_windows.yml
@@ -1,6 +1,7 @@
 ---
 name: Tests
 on: [push, pull_request]
+permissions: read-all
 jobs:
   test-windows:
     strategy: