From 7435695690686903164a9ecd523002868926dbb3 Mon Sep 17 00:00:00 2001
From: Weilin Xu <weilin.xu@intel.com>
Date: Wed, 6 Mar 2024 07:30:10 -0800
Subject: [PATCH] Specify read-all permissions in workflows. (#246)

---
 .github/workflows/code-quality-main.yaml | 2 ++
 .github/workflows/code-quality-pr.yaml   | 2 ++
 .github/workflows/test.yml               | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/.github/workflows/code-quality-main.yaml b/.github/workflows/code-quality-main.yaml
index 88b72209..dc8dc800 100644
--- a/.github/workflows/code-quality-main.yaml
+++ b/.github/workflows/code-quality-main.yaml
@@ -7,6 +7,8 @@ on:
   push:
     branches: [main]
 
+permissions: read-all
+
 jobs:
   code-quality:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/code-quality-pr.yaml b/.github/workflows/code-quality-pr.yaml
index a70225c1..c90b5277 100644
--- a/.github/workflows/code-quality-pr.yaml
+++ b/.github/workflows/code-quality-pr.yaml
@@ -10,6 +10,8 @@ on:
   pull_request:
     branches: [main, "release/*"]
 
+permissions: read-all
+
 jobs:
   code-quality:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 828da35e..5bdaaea8 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -6,6 +6,8 @@ on:
   pull_request:
     branches: [main, "release/*"]
 
+permissions: read-all
+
 jobs:
   run_tests:
     runs-on: ${{ matrix.os }}