From 339623a469c116bd39bb34678437232cc742bf60 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Thu, 31 Oct 2024 07:05:35 +0100
Subject: [PATCH] Improve github action security

See https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token
---
 .github/workflows/benchmark.yml | 2 ++
 .github/workflows/codeql.yml | 2 ++
 .github/workflows/docker.yml | 2 ++
 .github/workflows/nightly.yml | 2 ++
 .github/workflows/stats.yml | 2 ++
 .github/workflows/test.yml | 2 ++
 6 files changed, 12 insertions(+)

diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml
index c422ff281..dc881d7e6 100644
--- a/.github/workflows/benchmark.yml
+++ b/.github/workflows/benchmark.yml
@@ -1,5 +1,7 @@
 name: Benchmark
 
+permissions: {}
+
 on:
 push:
 branches:
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index f049814e6..82d4aef93 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -11,6 +11,8 @@
 #
 name: "CodeQL"
 
+permissions: {}
+
 on:
 push:
 branches: [ develop, next ]
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 470534e38..57f0c6768 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -1,5 +1,7 @@
 name: Docker
 
+permissions: {}
+
 on:
 push:
 branches:
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index ad8348362..06990e7f5 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -1,5 +1,7 @@
 name: Nightly
 
+permissions: {}
+
 on:
 schedule:
 - cron: '0 3 * * *'
diff --git a/.github/workflows/stats.yml b/.github/workflows/stats.yml
index b6a4e4295..147bd7ece 100644
--- a/.github/workflows/stats.yml
+++ b/.github/workflows/stats.yml
@@ -1,5 +1,7 @@
 name: Stats
 
+permissions: {}
+
 on:
 push:
 branches:
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 2cb60e2b9..4fe94e865 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,5 +1,7 @@
 name: Test
 
+permissions: {}
+
 on:
 push:
 pull_request:
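Review bot: With `permissions: {}` at workflow level, every job in this file starts with a GITHUB_TOKEN that has no scopes, so any step that relies on the token now needs an explicit job-level `permissions:` block. The job definitions lie outside this hunk, so whether they have one cannot be confirmed from here. The same holds for the five workflow hunks above, most sharply for codeql.yml, where uploading analysis results normally requires `security-events: write` on the analysis job. It would also help to record the intent next to the key, e.g. `# Deny all GITHUB_TOKEN scopes by default; grant the minimum needed per job`, so that a later contributor adds a scope to the job instead of widening the workflow-level default.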