From cc33c47a0d06027f8c21ecc9730db04a7b6eb2bd Mon Sep 17 00:00:00 2001
From: Z Chen <13544267+zijchen@users.noreply.github.com>
Date: Wed, 24 Jan 2024 09:41:28 -0800
Subject: [PATCH] Add permissions block to workflows (#204)
* Add read-all permissions to all workflows
* Add id-token write to pr-check
* Remove unnecessary
---
 .github/workflows/defaultLabels.yml | 3 +++
 .github/workflows/pr-check.yml | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/.github/workflows/defaultLabels.yml b/.github/workflows/defaultLabels.yml
index 74d39a57..3282c9f4 100644
--- a/.github/workflows/defaultLabels.yml
+++ b/.github/workflows/defaultLabels.yml
@@ -10,6 +10,9 @@ jobs:
 build:
 # The type of runner that the job will run on
 runs-on: ubuntu-latest
+ permissions:
+ issues: write
+ pull-requests: write
 # Steps represent a sequence of tasks that will be executed as part of the job
 steps:
diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml
index f522d97b..dedd82c8 100644
--- a/.github/workflows/pr-check.yml
+++ b/.github/workflows/pr-check.yml
@@ -16,6 +16,9 @@ jobs:
 deploy:
 environment: Automation test # this environment requires approval before running the action
 runs-on: ${{ matrix.os }}
+ permissions:
+ checks: write
+ id-token: write
 continue-on-error: true
 strategy:
 matrix:
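Review bot: The two write scopes added to the `build` job in defaultLabels.yml have no comment saying which step needs them, and the commit message describes the change as read-all, so a later reader cannot tell whether both `issues: write` and `pull-requests: write` are required. I would add a line above the block such as `# label step edits issues and PRs; every unlisted scope is none`, with the wording confirmed against the steps, which lie outside this hunk. Because a job-level block sets every unlisted scope to none, a checkout step would also need `contents: read` here if the repository is private. If the file has no workflow-level `permissions:` key (the lines above the hunk are not shown), adding `permissions: {}` at the top would stop jobs added later from inheriting the repository default token.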
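Review bot: `id-token: write` on the `deploy` job in pr-check.yml lets every step in every matrix leg request an OIDC token, and nothing in the hunk records which step needs it or why `checks: write` is required. I would add a comment above the block such as `# id-token: OIDC login for the test deployment; checks: publish results`, with the wording confirmed against the steps, which are outside the hunk. The job presumably runs for pull requests behind the `Automation test` approval gate, so the cloud-side trust policy should accept only the environment-scoped subject, of the form `repo:<owner>/<repo>:environment:Automation test`, rather than a branch or pull-request subject. That keeps a token minted by this job usable only after the approval has been given.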