From: Jason Ish <jason.ish@oisf.net>
Date: Fri, 21 Jan 2022 21:45:59 +0000 (-0600)
Subject: github-ci: set workflow permissions to read-all
X-Git-Tag: suricata-7.0.0-beta1~968
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ee933794aa2a13e5341b40b683a0b053e0d058d6;p=thirdparty%2Fsuricata.git

github-ci: set workflow permissions to read-all
---

diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml
index a6aa20417a..1a53c10640 100644
--- a/.github/workflows/builds.yml
+++ b/.github/workflows/builds.yml
@@ -4,6 +4,8 @@ on:
   - push
   - pull_request
 
+permissions: read-all
+
 env:
   DEFAULT_LIBHTP_REPO: https://github.com/OISF/libhtp
   DEFAULT_LIBHTP_BRANCH: 0.5.x
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
index f779ed32c7..9010c237e0 100644
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -1,5 +1,6 @@
 name: CIFuzz
 on: [pull_request]
+permissions: read-all
 jobs:
  Fuzzing:
    runs-on: ubuntu-latest
diff --git a/.github/workflows/commits.yml b/.github/workflows/commits.yml
index 651cacfa95..fac19f9966 100644
--- a/.github/workflows/commits.yml
+++ b/.github/workflows/commits.yml
@@ -3,6 +3,8 @@ name: commit-check
 on:
   - pull_request
 
+permissions: read-all
+
 jobs:
 
   check-commits:
diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml
index e77389511b..b1c040058f 100644
--- a/.github/workflows/formatting.yml
+++ b/.github/workflows/formatting.yml
@@ -8,6 +8,8 @@ on:
       - 'master-*'
   pull_request:
 
+permissions: read-all
+
 jobs:
 
   # Checking for correct formatting of branch for C code changes