From 634aacf888946ab2c58334e7751efeeeaf392edf Mon Sep 17 00:00:00 2001
From: Giovanni Pellerano
Date: Sun, 20 Oct 2024 11:21:24 +0200
Subject: [PATCH] Revise default permission on workflows
---
 .github/workflows/build.yml | 3 +++
 .github/workflows/codacy.yml | 4 ++--
 .github/workflows/codeql.yml | 3 +++
 .github/workflows/test.yml | 3 +++
 4 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index da0fa22ad3..dd919b228c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -2,6 +2,9 @@ name: Build
 on: [ push, pull_request ]
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
   run_build:
     runs-on: "ubuntu-latest"
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 37dc4ae19e..26d3bf45a2 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -22,8 +22,8 @@ on:
   schedule:
     - cron: '33 6 * * 2'
-permissions:
-  contents: read
+# Declare default permissions as read only.
+permissions: read-all
 jobs:
   codacy-security-scan:
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 99a432ccef..5b8ae8d2ee 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -8,6 +8,9 @@ on:
   schedule:
     - cron: '15 14 * * 6'
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
   analyze:
     name: Analyze (${{ matrix.language }})
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 224b8601e1..499cfb257b 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -2,6 +2,9 @@ name: Test
 on: [ push, pull_request ]
+# Declare default permissions as read only.
+permissions: read-all
+
 env:
   CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
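Review bot: The added `permissions: read-all` in the build.yml hunk grants read access on every GITHUB_TOKEN scope (issues, pull-requests, packages, security-events, and so on), which is wider than the `contents: read` a checkout-and-build job needs; the test.yml hunk has the same shape and the same point applies there. The comment `# Declare default permissions as read only.` also overstates the restriction, since read-all means "read on everything" rather than a minimal grant. A tighter workflow-level default would be `permissions:` followed by `  contents: read`, with any extra scope declared at job level only where a job uses it. The run_build job's steps lie outside the hunk, so whether any step needs more than contents cannot be confirmed here.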
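Review bot: The codacy.yml hunk widens the token rather than tightening it: the removed `permissions:` / `  contents: read` was already the minimal read grant, and the new `permissions: read-all` adds read on every other scope, which runs against the commit's stated intent. Keeping `contents: read` as the workflow-level default would be strictly tighter and still satisfy a read-only policy. If the codacy-security-scan job uploads SARIF to code scanning, it needs `security-events: write` in a job-level `permissions:` block regardless of this change; the job body is outside the hunk, so I cannot tell whether that block already exists.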
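Review bot: With `permissions: read-all` now set at workflow level in the codeql.yml hunk, the analyze job only gets write access if it carries its own `permissions:` block; the CodeQL upload step requires `security-events: write` (alongside `actions: read` and `contents: read`), so if the job does not already declare that, the results upload will fail on the first run after this commit. The analyze job's body starts at the hunk's last line and continues outside it, so this needs confirming against the rest of the file. Scoping `security-events: write` to that job alone keeps the workflow-level default read-only as intended.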