From 81a0f11bfac9f15710c6bff5880ba20e13d81a0f Mon Sep 17 00:00:00 2001
From: Ernest Prabhakar <ernest@quiltdata.io>
Date: Sat, 1 Apr 2023 21:53:17 -0700
Subject: [PATCH] workflow permissions read-all

---
 .github/workflows/mega-linter.yml | 2 ++
 .github/workflows/test.yml        | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
index 7ea28695..9a4a3ba5 100644
--- a/.github/workflows/mega-linter.yml
+++ b/.github/workflows/mega-linter.yml
@@ -6,6 +6,8 @@ on:
   # Trigger mega-linter at every push. Action will also be visible from Pull Requests to main
   push: # Comment this line to trigger action only on pull-requests (not recommended if you don't pay for GH Actions)
 
+permissions: read-all
+
 env: # Comment env block if you do not want to apply fixes
   # Apply linter fixes configuration
   APPLY_FIXES: all # When active, APPLY_FIXES must also be defined as environment variable (in github/workflows/mega-linter.yml or other CI tool)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index aef9d073..bff5e17a 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -6,6 +6,8 @@ on:
   pull_request:
     branches: [master]
 
+permissions: read-all
+
 jobs:
   build:
     name: Test