From 669e56b16f7b3d56925b1d90373a668c9f1e8a8d Mon Sep 17 00:00:00 2001
From: Josh GM Walker <56300765+Josh-Walker-GM@users.noreply.github.com>
Date: Thu, 29 Aug 2024 22:33:36 +0100
Subject: [PATCH] wip

---
 .github/workflows/check-changelog.yml            | 2 ++
 .github/workflows/check-create-redwood-app.yml   | 2 ++
 .github/workflows/check-test-project-fixture.yml | 4 ++++
 .github/workflows/codeql-analysis.yml            | 5 +++--
 4 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/check-changelog.yml b/.github/workflows/check-changelog.yml
index af5be4a6b56d..4766a3fd002d 100644
--- a/.github/workflows/check-changelog.yml
+++ b/.github/workflows/check-changelog.yml
@@ -19,6 +19,8 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions: {}
+
 jobs:
   check-changesets:
     name: 📝 Check changesets
diff --git a/.github/workflows/check-create-redwood-app.yml b/.github/workflows/check-create-redwood-app.yml
index cdcfa0d9c7cc..ab073e747c11 100644
--- a/.github/workflows/check-create-redwood-app.yml
+++ b/.github/workflows/check-create-redwood-app.yml
@@ -10,6 +10,8 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions: {}
+
 jobs:
   check-create-redwood-app:
     name: Check create redwood app
diff --git a/.github/workflows/check-test-project-fixture.yml b/.github/workflows/check-test-project-fixture.yml
index d6c083cae954..a94c4b70659f 100644
--- a/.github/workflows/check-test-project-fixture.yml
+++ b/.github/workflows/check-test-project-fixture.yml
@@ -10,6 +10,8 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions: {}
+
 jobs:
   detect-changes:
     if: github.repository == 'redwoodjs/redwood'
@@ -39,6 +41,8 @@ jobs:
     if: needs.detect-changes.outputs.code == 'true'
     name: Check test project fixture
     runs-on: ubuntu-latest
+    permissions:
+      actions: write
     steps:
       - uses: actions/checkout@v4
 
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 41a76ea46528..86182601074c 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -26,13 +26,14 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-permissions:
-  security-events: write
+permissions: {}
 
 jobs:
   analyze:
     name: 🔬 Analyze
     runs-on: ubuntu-latest
+    permissions:
+      security-events: write
 
     strategy:
       fail-fast: false