From fda64c81c6f1fe0b36b7887586f1940bd982384e Mon Sep 17 00:00:00 2001
From: jt-dd <112463504+jt-dd@users.noreply.github.com>
Date: Wed, 28 Aug 2024 18:45:01 +0200
Subject: [PATCH] Fix workflows RBAC (#249)

* fix workflows RBAC

* Update .github/workflows/datadog-static-analysis.yml

Co-authored-by: Edouard Schweisguth <edouard.schweisguth@datadoghq.com>

---------

Co-authored-by: Edouard Schweisguth <edouard.schweisguth@datadoghq.com>
---
 .github/workflows/datadog-static-analysis.yml | 2 +-
 .github/workflows/system-test.yml             | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/datadog-static-analysis.yml b/.github/workflows/datadog-static-analysis.yml
index 26514b160..cb1cd270f 100644
--- a/.github/workflows/datadog-static-analysis.yml
+++ b/.github/workflows/datadog-static-analysis.yml
@@ -4,7 +4,7 @@ on:
   push:
 
 permissions:
-  contents: write
+  contents: write # write permission is needed to get access to the DD_API_KEY secret - https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#accessing-your-secrets
 
 jobs:
   static-analysis:
diff --git a/.github/workflows/system-test.yml b/.github/workflows/system-test.yml
index ae8b80b7d..8087a73f5 100644
--- a/.github/workflows/system-test.yml
+++ b/.github/workflows/system-test.yml
@@ -6,6 +6,9 @@ on:
       - main
   pull_request:
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   system-test:
     runs-on: