From a87943d9bfb47687a40763774b9972c9a00d33dd Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Tue, 13 Feb 2024 09:42:55 -0600
Subject: [PATCH] github-ci: apply read-only permissions to more workflows
- authors.yml
- codeql.yml
- scan-build.yml
---
 .github/workflows/authors.yml | 2 ++
 .github/workflows/codeql.yml | 2 ++
 .github/workflows/scan-build.yml | 2 ++
 3 files changed, 6 insertions(+)
diff --git a/.github/workflows/authors.yml b/.github/workflows/authors.yml
index 77bb2614de24..e4b0c563c7c3 100644
--- a/.github/workflows/authors.yml
+++ b/.github/workflows/authors.yml
@@ -3,6 +3,8 @@ name: New Authors Check
 on:
 pull_request:
+permissions: read-all
+
 concurrency:
 group: ${{ github.workflow }}-${{ github.ref }}
 cancel-in-progress: true
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index e7fc1e43c06a..d62339a48399 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -13,6 +13,8 @@ on:
 schedule:
 - cron: '18 21 * * 1'
+permissions: read-all
+
 concurrency:
 group: ${{ github.workflow }}-${{ github.ref }}
 cancel-in-progress: true
diff --git a/.github/workflows/scan-build.yml b/.github/workflows/scan-build.yml
index f0df97e7c80e..966139d10a57 100644
--- a/.github/workflows/scan-build.yml
+++ b/.github/workflows/scan-build.yml
@@ -8,6 +8,8 @@ on:
 paths-ignore:
 - "doc/**"
+permissions: read-all
+
 concurrency:
 group: ${{ github.workflow }}-${{ github.ref }}
 cancel-in-progress: true
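Review bot: `permissions: read-all` in the authors.yml hunk (and identically in the scan-build.yml hunk) gives the workflow token read access to every scope, which is broader than a check-only workflow usually needs. If the jobs only check out the repository, a `permissions:` mapping containing just `contents: read` would be the tighter default, with any further scope granted on the individual job that needs it. The job definitions lie outside these hunks, so the scopes they actually use should be confirmed before narrowing. A one-line comment above the key, such as `# Default token is read-only; grant extra scopes per job.`, would also tell later editors why it is there.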
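Review bot: In the codeql.yml hunk, the workflow-level `permissions: read-all` leaves the token without `security-events: write`, which the CodeQL result upload needs. The jobs are outside this hunk, so it is not visible whether the analysis job already carries its own `permissions:` block; if it does not, uploads on push and scheduled runs would presumably be rejected after this change. Worth confirming that the job declares `security-events: write` at job level. A job-level block replaces the workflow default for that job, so it must also list any read scopes the job still needs, such as `contents: read`.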